 virus Net-Worm.Win32.Kido
Anonyme
Posted on 14/07/2009 @ 23:38
New member

Good evening everyone,

Message for the Security Group,

I received four reports by PM from an astucien, "sssscooter", who is badly infected, for various reasons, for example: IE6 and Kaspersky 7 when we are at versions 8 and 9 (so a very permeable system),

and the Russian managed to do the cleanup:

virus Net-Worm.Win32.Kido.ih Le fichier: H:\Autorun.inf

I'm posting the RSIT and Malwarebytes reports, on which the requester has not deleted anything yet: unwanted items in System Restore, and others elsewhere.

Now you should know that, if I saw correctly, this is not an official version of Windows, but a modified version...

It's up to you to see whether I'm wrong or not, and whether you want to accept this requester.

@+



Edited by Anonyme on 15/07/2009 10:47
Anonyme
Posted on 14/07/2009 at 23:43
New member

RSIT, part one

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrator at 2009-07-14 19:25:41

Microsoft Windows XP Professional Service Pack 2

System drive C: has 25 GB (85%) free of 30 GB

Total RAM: 958 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:25:49, on 14/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\LClock\LClock.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\Program Files\Yahoo!\Messenger\yupdater.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\DAP\DAP.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

D:\mobile quran\RSIT.exe

C:\Program Files\trend micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [LClock] C:\WINDOWS\LClock\LClock.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')

O4 - .DEFAULT User Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (User 'Default user')

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--

End of file - 8539 bytes

Anonyme
Posted on 14/07/2009 at 23:44
New member

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-13 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-09 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-07 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-07-09 140888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-09 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LClock"=C:\WINDOWS\LClock\LClock.exe [2005-11-25 65536]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]

"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2007-06-11 176128]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-13 39408]

"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-08-19 3084288]

"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2009-07-09 2754048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

C:\Program Files\DAP\DAP.EXE [2009-07-09 2754048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4300 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAR.EXE [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2008-01-21 7114752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [2009-07-09 1443432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareCease.exe]

C:\Program Files\Spyware Cease\SpywareCease.exe [2009-05-18 6242608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-07 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]

C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-08-19 3084288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]

[]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]

C:\WINDOWS\system32\LogonDll.dll [2007-10-25 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoSMHelp"=1

"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"

"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"

"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ Library"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be9da96c-6ad1-11de-95ad-806d6172696f}]

shell\AutoRun\command - G:\autorun.exe

======List of files/folders created in the last 3 months======

2009-07-14 18:56:51 ----D---- C:\Program Files\trend micro

2009-07-14 18:56:50 ----D---- C:\rsit

2009-07-14 18:55:46 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2009-07-14 18:55:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-07-14 18:55:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-07-14 16:57:57 ----A---- C:\WINDOWS\NeroDigital.ini

2009-07-14 16:57:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Media Player Classic

2009-07-14 16:00:01 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM

2009-07-14 01:34:48 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-07-09 18:57:49 ----D---- C:\Documents and Settings\Administrator\Application Data\ICQ

2009-07-09 18:54:58 ----D---- C:\Program Files\ICQ6.5

2009-07-09 18:06:57 ----D---- C:\Program Files\PConPoint

2009-07-09 16:37:40 ----D---- C:\Documents and Settings\Administrator\Application Data\SpeedBit

2009-07-09 16:37:11 ----D---- C:\Program Files\SpeedOptimizer

2009-07-09 16:31:55 ----D---- C:\Program Files\SpeedBit Video Accelerator

2009-07-09 16:31:10 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe

2009-07-09 16:03:21 ----D---- C:\Program Files\SpeedBit Video Downloader

2009-07-09 14:52:19 ----D---- C:\Program Files\Foxit Software

2009-07-09 14:26:27 ----D---- C:\VundoFix Backups

2009-07-09 14:26:27 ----A---- C:\VundoFix.txt

2009-07-09 12:33:27 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia

2009-07-07 15:22:35 ----D---- C:\Program Files\Error Repair Professional

2009-07-07 15:21:28 ----D---- C:\Program Files\Skype

2009-07-07 15:21:26 ----D---- C:\Program Files\Common Files\Skype

2009-07-07 13:39:26 ----A---- C:\WINDOWS\system32\LogonDll.dll

2009-07-07 13:39:21 ----D---- C:\Program Files\Faronics

2009-07-07 12:59:00 ----D---- C:\Program Files\Spyware Cease

2009-07-07 10:55:56 ----D---- C:\Program Files\NeroInstall.bak

2009-07-07 10:53:59 ----D---- C:\Documents and Settings\Administrator\Application Data\Nero

2009-07-07 10:52:58 ----A---- C:\WINDOWS\system32\MsiExec.exe.log

2009-07-07 10:50:05 ----D---- C:\Program Files\Nero

2009-07-07 10:50:05 ----D---- C:\Program Files\Common Files\Nero

2009-07-07 10:50:05 ----D---- C:\Documents and Settings\All Users\Application Data\Nero

2009-07-07 10:48:08 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2009-07-07 10:48:07 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

2009-07-07 10:48:05 ----D---- C:\WINDOWS\system32\DirectX

2009-07-07 10:37:51 ----D---- C:\WINDOWS\pss

2009-07-07 10:32:29 ----SHD---- C:\RECYCLER

2009-07-07 10:30:09 ----D---- C:\Documents and Settings\All Users\Application Data\UDL

2009-07-07 10:26:15 ----A---- C:\WINDOWS\system32\PICSDK2.dll

2009-07-07 10:26:15 ----A---- C:\WINDOWS\system32\PICSDK.ini

2009-07-07 10:26:15 ----A---- C:\WINDOWS\system32\PICSDK.dll

2009-07-07 10:26:15 ----A---- C:\WINDOWS\system32\PICEntry.dll

2009-07-07 10:26:15 ----A---- C:\WINDOWS\system32\EpPicPrt.dll

2009-07-07 10:26:14 ----A---- C:\WINDOWS\system32\EPPicMgr.dll

2009-07-07 10:26:12 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield

2009-07-07 10:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON

2009-07-07 10:25:31 ----A---- C:\WINDOWS\system32\E_DCINST.DLL

2009-07-07 10:25:30 ----A---- C:\WINDOWS\system32\E_FLBCAR.DLL

2009-07-07 10:25:30 ----A---- C:\WINDOWS\system32\E_FD4BCAR.DLL

2009-07-07 10:24:11 ----D---- C:\Program Files\epson

2009-07-07 10:24:10 ----A---- C:\WINDOWS\system32\eswiaml.dll

2009-07-07 10:24:10 ----A---- C:\WINDOWS\system32\eswia7e.dll

2009-07-07 10:24:10 ----A---- C:\WINDOWS\system32\esint7e.dll

2009-07-07 10:23:49 ----A---- C:\WINDOWS\CDE CX4300ERUk.ini

2009-07-07 10:20:39 ----A---- C:\WINDOWS\ODBC.INI

2009-07-07 10:18:22 ----D---- C:\Program Files\Common Files\DESIGNER

2009-07-07 10:18:12 ----D---- C:\WINDOWS\SHELLNEW

2009-07-07 10:17:42 ----D---- C:\Program Files\Microsoft.NET

2009-07-07 10:17:42 ----D---- C:\Program Files\Microsoft Office

2009-07-07 10:16:12 ----RHD---- C:\MSOCache

2009-07-07 10:02:28 ----A---- C:\WINDOWS\system32\h323log.txt

2009-07-07 10:00:57 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2009-07-07 10:00:55 ----A---- C:\WINDOWS\system32\ksuser.dll

2009-07-07 09:59:17 ----A---- C:\WINDOWS\system32\usbui.dll

2009-07-07 09:58:37 ----D---- C:\WINDOWS\cwcdata

2009-07-07 09:56:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-07-07 09:56:56 ----SHD---- C:\WINDOWS\Installer

2009-07-07 09:56:56 ----D---- C:\Program Files\Common Files\ODBC

2009-07-07 09:56:56 ----A---- C:\WINDOWS\ODBCINST.INI

2009-07-07 09:56:53 ----D---- C:\Program Files\Common Files\SpeechEngines

2009-07-07 09:56:52 ----RD---- C:\Program Files

2009-07-07 09:56:52 ----D---- C:\Program Files\Common Files\Microsoft Shared

2009-07-07 09:56:52 ----D---- C:\Program Files\Common Files

2009-07-07 09:56:51 ----RA---- C:\WINDOWS\system32\kbdarmw.dll

2009-07-07 09:56:51 ----RA---- C:\WINDOWS\system32\kbdarme.dll

2009-07-07 09:56:51 ----A---- C:\WINDOWS\system32\Thawbrkr.dll

2009-07-07 09:56:48 ----RA---- C:\WINDOWS\system32\kbdurdu.dll

2009-07-07 09:56:48 ----RA---- C:\WINDOWS\system32\kbdfa.dll

2009-07-07 09:56:48 ----RA---- C:\WINDOWS\system32\kbda3.dll

2009-07-07 09:56:48 ----RA---- C:\WINDOWS\system32\kbda2.dll

2009-07-07 09:56:48 ----RA---- C:\WINDOWS\system32\kbda1.dll

2009-07-07 09:56:48 ----A---- C:\WINDOWS\system32\kbdusa.dll

2009-07-07 09:56:36 ----A---- C:\WINDOWS\system32\spxcoins.dll

2009-07-07 09:56:36 ----A---- C:\WINDOWS\system32\irclass.dll

2009-07-07 09:56:36 ----A---- C:\WINDOWS\system32\dgsetup.dll

2009-07-07 09:56:36 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

2009-07-07 09:56:35 ----A---- C:\WINDOWS\system32\EqnClass.Dll

2009-07-07 09:56:34 ----N---- C:\WINDOWS\system32\CONFIG.TMP

2009-07-07 09:56:34 ----A---- C:\WINDOWS\TASKMAN.EXE

2009-07-07 09:56:33 ----A---- C:\WINDOWS\system32\batt.dll

2009-07-07 09:56:33 ----A---- C:\WINDOWS\NOTEPAD.EXE

2009-07-07 09:56:32 ----A---- C:\WINDOWS\system32\storprop.dll

2009-07-07 09:56:24 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

2009-07-07 09:54:18 ----RA---- C:\WINDOWS\SET8.tmp

2009-07-07 09:54:16 ----RA---- C:\WINDOWS\SET4.tmp

2009-07-07 09:54:15 ----RA---- C:\WINDOWS\SET3.tmp

2009-07-07 09:54:10 ----D---- C:\WINDOWS\system32\CatRoot2

2009-07-07 09:54:10 ----D---- C:\WINDOWS\system32\CatRoot

2009-07-07 09:54:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-07-07 09:53:48 ----D---- C:\Documents and Settings

2009-07-07 09:53:47 ----SHD---- C:\System Volume Information

2009-07-07 09:53:43 ----D---- C:\Program Files\Kaspersky Lab

2009-07-07 09:53:43 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2009-07-07 09:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-07-07 09:53:05 ----SH---- C:\boot.ini

2009-07-07 09:52:14 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-07-07 09:52:09 ----D---- C:\Program Files\MSN Messenger

2009-07-07 09:49:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Google

2009-07-07 09:49:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-07-07 09:49:09 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedBit

2009-07-07 09:49:06 ----A---- C:\WINDOWS\system32\wbhelp2.dll

2009-07-07 09:49:03 ----D---- C:\Program Files\DAP

2009-07-07 09:48:45 ----RSD---- C:\WINDOWS\Fonts

2009-07-07 09:48:45 ----RD---- C:\WINDOWS\Web

2009-07-07 09:48:45 ----HD---- C:\WINDOWS\inf

2009-07-07 09:48:45 ----D---- C:\WINDOWS\WinSxS

2009-07-07 09:48:45 ----D---- C:\WINDOWS\twain_32

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Temp

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\wins

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\wbem

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\usmt

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\spool

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\ShellExt

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\Setup

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\ras

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\PreInstall

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\OpenExpert

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\npp

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\mui

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\inetsrv

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\IME

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\icsxml

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\ias

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\export

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\drivers

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\dhcp

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\config

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\3com_dmi

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\3076

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\2052

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\1054

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\1042

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\1041

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\1037

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\1033

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\1031

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\1028

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32\1025

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system32

2009-07-07 09:48:45 ----D---- C:\WINDOWS\system

2009-07-07 09:48:45 ----D---- C:\WINDOWS\SoftwareDistribution

2009-07-07 09:48:45 ----D---- C:\WINDOWS\security

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Resources

2009-07-07 09:48:45 ----D---- C:\WINDOWS\repair

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Provisioning

2009-07-07 09:48:45 ----D---- C:\WINDOWS\PeerNet

2009-07-07 09:48:45 ----D---- C:\WINDOWS\pchealth

2009-07-07 09:48:45 ----D---- C:\WINDOWS\OEMDIR

2009-07-07 09:48:45 ----D---- C:\WINDOWS\mui

2009-07-07 09:48:45 ----D---- C:\WINDOWS\msapps

2009-07-07 09:48:45 ----D---- C:\WINDOWS\msagent

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Media

2009-07-07 09:48:45 ----D---- C:\WINDOWS\LClock

2009-07-07 09:48:45 ----D---- C:\WINDOWS\java

2009-07-07 09:48:45 ----D---- C:\WINDOWS\ime

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Help

2009-07-07 09:48:45 ----D---- C:\WINDOWS\ehome

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Driver Cache

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Debug

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Cursors

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Connection Wizard

2009-07-07 09:48:45 ----D---- C:\WINDOWS\Config

2009-07-07 09:48:45 ----D---- C:\WINDOWS\AppPatch

2009-07-07 09:48:45 ----D---- C:\WINDOWS\addonsql

2009-07-07 09:48:45 ----D---- C:\WINDOWS\addins

2009-07-07 09:48:45 ----D---- C:\WINDOWS

2009-07-07 09:47:29 ----D---- C:\Program Files\SuperCopier2

2009-07-07 09:44:16 ----D---- C:\Program Files\Yahoo!

2009-07-07 09:44:15 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype

2009-07-07 09:44:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2009-07-07 09:44:10 ----D---- C:\Program Files\Google

2009-07-07 09:44:01 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

2009-07-07 09:43:39 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-07-07 09:43:11 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun

2009-07-07 09:42:52 ----A---- C:\WINDOWS\system32\unrar.dll

2009-07-07 09:42:50 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2009-07-07 09:42:48 ----A---- C:\WINDOWS\system32\qt-dx331.dll

2009-07-07 09:42:48 ----A---- C:\WINDOWS\system32\dpl100.dll

2009-07-07 09:42:48 ----A---- C:\WINDOWS\system32\divx.dll

2009-07-07 09:42:47 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2009-07-07 09:42:47 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2009-07-07 09:42:46 ----D---- C:\Program Files\K-Lite Codec Pack

2009-07-07 09:42:46 ----A---- C:\WINDOWS\system32\msvcr71.dll

2009-07-07 09:39:27 ----RA---- C:\WINDOWS\system32\vuins32.dll

2009-07-07 09:37:55 ----RA---- C:\WINDOWS\system32\VTTimer.exe

2009-07-07 09:37:55 ----RA---- C:\WINDOWS\system32\VModes.exe

2009-07-07 09:37:55 ----RA---- C:\WINDOWS\system32\S3Trayp.exe

2009-07-07 09:37:55 ----RA---- C:\WINDOWS\system32\S3iset32.dll

2009-07-07 09:37:55 ----RA---- C:\WINDOWS\system32\S3Cfg3d.dll

2009-07-07 09:37:54 ----RA---- C:\WINDOWS\system32\S3ovrlay.dll

2009-07-07 09:37:54 ----RA---- C:\WINDOWS\system32\S3minset.exe

2009-07-07 09:37:54 ----RA---- C:\WINDOWS\system32\S3Info2.dll

2009-07-07 09:37:53 ----RA---- C:\WINDOWS\system32\S3Gamma2.dll

2009-07-07 09:37:53 ----RA---- C:\WINDOWS\system32\S3Disply.dll

2009-07-07 09:37:50 ----RA---- C:\WINDOWS\system32\s3gIGPgl.dll

2009-07-07 09:37:49 ----RA---- C:\WINDOWS\system32\s3ginv.dll

2009-07-07 09:37:49 ----RA---- C:\WINDOWS\system32\S3gIGP.dll

2009-07-07 09:37:43 ----D---- C:\Program Files\S3

2009-07-07 09:36:32 ----HD---- C:\Program Files\InstallShield Installation Information

2009-07-07 09:34:30 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-07-07 09:34:16 ----D---- C:\Program Files\VIA

2009-07-07 09:34:15 ----N---- C:\WINDOWS\system32\difxapi.dll

2009-07-07 09:33:33 ----D---- C:\WINDOWS\system32\Tools

2009-07-07 09:33:25 ----D---- C:\Program Files\Common Files\InstallShield

2009-07-07 09:23:26 ----A---- C:\WINDOWS\system32\chtbrkr.dll

2009-07-07 09:23:26 ----A---- C:\WINDOWS\system32\chsbrkr.dll

2009-07-07 09:23:25 ----A---- C:\WINDOWS\system32\korwbrkr.dll

2009-07-07 09:23:24 ----A---- C:\WINDOWS\system32\msir3jp.dll

2009-07-07 09:23:01 ----A---- C:\WINDOWS\system32\kbd101a.dll

2009-07-07 09:23:01 ----A---- C:\WINDOWS\system32\c_g18030.dll

2009-07-07 09:22:45 ----A---- C:\WINDOWS\system32\kbdnecNT.dll

2009-07-07 09:22:45 ----A---- C:\WINDOWS\system32\kbdnecAT.dll

2009-07-07 09:22:45 ----A---- C:\WINDOWS\system32\kbdnec95.dll

2009-07-07 09:22:45 ----A---- C:\WINDOWS\system32\kbdlk41j.dll

2009-07-07 09:22:45 ----A---- C:\WINDOWS\system32\kbdlk41a.dll

2009-07-07 09:22:45 ----A---- C:\WINDOWS\system32\f3ahvoas.dll

2009-07-07 09:22:44 ----A---- C:\WINDOWS\system32\kbdibm02.dll

2009-07-07 09:22:44 ----A---- C:\WINDOWS\system32\kbdax2.dll

2009-07-07 09:22:44 ----A---- C:\WINDOWS\system32\kbd106n.dll

2009-07-07 09:22:44 ----A---- C:\WINDOWS\system32\kbd101.dll

2009-07-07 09:22:17 ----A---- C:\WINDOWS\system32\c_is2022.dll

2009-07-07 09:22:13 ----A---- C:\WINDOWS\system32\uniime.dll

2009-07-07 09:22:04 ----A---- C:\WINDOWS\system32\imjp81k.dll

2009-07-07 09:22:00 ----A---- C:\WINDOWS\system32\kbdjpn.dll

2009-07-07 09:22:00 ----A---- C:\WINDOWS\system32\kbd106.dll

2009-07-07 09:22:00 ----A---- C:\WINDOWS\system32\kbd103.dll

2009-07-07 09:22:00 ----A---- C:\WINDOWS\system32\kbd101c.dll

2009-07-07 09:22:00 ----A---- C:\WINDOWS\system32\kbd101b.dll

2009-07-07 09:15:08 ----D---- C:\Documents and Settings\Administrator\Application Data\Rainlendar

2009-07-07 09:14:58 ----A---- C:\WINDOWS\system32\wmpns.dll

2009-07-07 09:14:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities

2009-07-07 09:14:55 ----HD---- C:\Program Files\Uninstall Information

2009-07-07 09:12:11 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini

2009-07-07 09:12:09 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2009-07-07 09:12:09 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla

2009-07-07 09:11:55 ----SD---- C:\WINDOWS\system32\Microsoft

2009-07-07 09:11:55 ----D---- C:\WINDOWS\Prefetch

2009-07-07 09:10:23 ----D---- C:\Program Files\WinRAR

2009-07-07 09:10:22 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2009-07-07 09:10:19 ----D---- C:\Program Files\µTorrent

2009-07-07 09:10:18 ----D---- C:\Program Files\Rainlendar

2009-07-07 09:10:15 ----D---- C:\Program Files\CPU-Z

2009-07-07 09:10:09 ----A---- C:\WINDOWS\UninstallFirefox.exe

2009-07-07 09:10:06 ----D---- C:\Program Files\Alex Feinman

2009-07-07 09:10:04 ----D---- C:\Program Files\Mozilla Firefox

2009-07-07 09:09:57 ----D---- C:\Program Files\7-Zip

2009-07-07 09:09:54 ----A---- C:\WINDOWS\system32\javaws.exe

2009-07-07 09:09:54 ----A---- C:\WINDOWS\system32\javaw.exe

2009-07-07 09:09:54 ----A---- C:\WINDOWS\system32\java.exe

2009-07-07 09:09:33 ----D---- C:\Program Files\Java

2009-07-07 09:09:32 ----D---- C:\Program Files\Common Files\Java

2009-07-07 09:08:36 ----RSD---- C:\WINDOWS\assembly

2009-07-07 09:08:36 ----D---- C:\WINDOWS\Microsoft.NET

2009-07-07 09:08:35 ----D---- C:\WINDOWS\system32\URTTemp

2009-07-07 09:07:50 ----A---- C:\WINDOWS\control.ini

2009-07-07 09:07:50 ----A---- C:\AUTOEXEC.BAT

2009-07-07 09:07:34 ----A---- C:\WINDOWS\system32\mapi32.dll

2009-07-07 09:06:27 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-07-07 09:06:27 ----RD---- C:\WINDOWS\Offline Web Pages

2009-07-07 09:06:27 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2009-07-07 09:06:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2009-07-07 09:06:15 ----HD---- C:\Program Files\WindowsUpdate

2009-07-07 09:06:12 ----D---- C:\Program Files\Online Services

2009-07-07 09:05:57 ----A---- C:\WINDOWS\system32\desktop.ini

2009-07-07 09:05:57 ----A---- C:\WINDOWS\system32\atrace.dll

2009-07-07 09:05:57 ----A---- C:\WINDOWS\desktop.ini

2009-07-07 09:05:53 ----D---- C:\Program Files\Common Files\Services

2009-07-07 09:05:53 ----A---- C:\WINDOWS\system32\acctres.dll

2009-07-07 09:05:51 ----SD---- C:\WINDOWS\Tasks

2009-07-07 09:05:51 ----A---- C:\WINDOWS\system32\icfgnt5.dll

2009-07-07 09:05:50 ----D---- C:\Program Files\Common Files\MSSoap

2009-07-07 09:05:47 ----D---- C:\WINDOWS\srchasst

2009-07-07 09:05:46 ----D---- C:\WINDOWS\system32\Macromed

2009-07-07 09:05:43 ----A---- C:\WINDOWS\system32\wups.dll

2009-07-07 09:05:43 ----A---- C:\WINDOWS\system32\wucltui.dll

2009-07-07 09:05:43 ----A---- C:\WINDOWS\system32\wuauserv.dll

2009-07-07 09:05:43 ----A---- C:\WINDOWS\system32\wuaueng1.dll

2009-07-07 09:05:43 ----A---- C:\WINDOWS\system32\wuaueng.dll

2009-07-07 09:05:43 ----A---- C:\WINDOWS\system32\wuauclt1.exe

2009-07-07 09:05:43 ----A---- C:\WINDOWS\system32\wuauclt.exe

2009-07-07 09:05:43 ----A---- C:\WINDOWS\system32\wuapi.dll

2009-07-07 09:05:42 ----A---- C:\WINDOWS\system32\safrslv.dll

2009-07-07 09:05:42 ----A---- C:\WINDOWS\system32\safrdm.dll

2009-07-07 09:05:42 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2009-07-07 09:05:42 ----A---- C:\WINDOWS\system32\qmgr.dll

2009-07-07 09:05:42 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2009-07-07 09:05:42 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2009-07-07 09:05:41 ----A---- C:\WINDOWS\system32\safrcdlg.dll

2009-07-07 09:05:41 ----A---- C:\WINDOWS\system32\racpldlg.dll

2009-07-07 09:05:38 ----D---- C:\WINDOWS\system32\Restore

2009-07-07 09:05:38 ----A---- C:\WINDOWS\system32\srsvc.dll

2009-07-07 09:05:38 ----A---- C:\WINDOWS\system32\srrstr.dll

2009-07-07 09:05:38 ----A---- C:\WINDOWS\system32\srclient.dll

2009-07-07 09:05:38 ----A---- C:\WINDOWS\system32\msoert2.dll

2009-07-07 09:05:38 ----A---- C:\WINDOWS\system32\fltMc.exe

2009-07-07 09:05:38 ----A---- C:\WINDOWS\system32\fltlib.dll

2009-07-07 09:05:37 ----A---- C:\WINDOWS\system32\msoeacct.dll

2009-07-07 09:05:37 ----A---- C:\WINDOWS\system32\inetres.dll

2009-07-07 09:05:36 ----A---- C:\WINDOWS\system32\inetcomm.dll

2009-07-07 09:05:35 ----D---- C:\Program Files\Outlook Express

2009-07-07 09:05:35 ----A---- C:\WINDOWS\system32\schedsvc.dll

2009-07-07 09:05:35 ----A---- C:\WINDOWS\system32\mstinit.exe

2009-07-07 09:05:34 ----A---- C:\WINDOWS\system32\mstask.dll

2009-07-07 09:05:34 ----A---- C:\WINDOWS\system32\isign32.dll

2009-07-07 09:05:34 ----A---- C:\WINDOWS\system32\inetcfg.dll

2009-07-07 09:05:34 ----A---- C:\WINDOWS\system32\icwphbk.dll

2009-07-07 09:05:34 ----A---- C:\WINDOWS\system32\icwdial.dll

2009-07-07 09:05:29 ----D---- C:\Program Files\Common Files\System

2009-07-07 09:05:28 ----D---- C:\Program Files\Internet Explorer

2009-07-07 09:04:48 ----D---- C:\Program Files\ComPlus Applications

2009-07-07 09:04:46 ----A---- C:\WINDOWS\vbaddin.ini

2009-07-07 09:04:46 ----A---- C:\WINDOWS\vb.ini

2009-07-07 09:04:42 ----D---- C:\WINDOWS\Registration

2009-07-07 09:04:28 ----D---- C:\Program Files\Windows Media Connect 2

2009-07-07 09:04:27 ----D---- C:\Program Files\Unlocker

2009-07-07 09:04:26 ----D---- C:\Program Files\Foxit

2009-07-07 09:04:23 ----D---- C:\Program Files\CCleaner

2009-07-07 09:04:22 ----D---- C:\Program Files\Windows Media Player

2009-07-07 09:04:20 ----A---- C:\WINDOWS\system32\write.exe

2009-07-07 09:04:15 ----A---- C:\WINDOWS\system32\winchat.exe

2009-07-07 09:04:15 ----A---- C:\WINDOWS\system32\sndvol32.exe

2009-07-07 09:04:15 ----A---- C:\WINDOWS\system32\hticons.dll

2009-07-07 09:04:15 ----A---- C:\WINDOWS\system32\avwav.dll

2009-07-07 09:04:15 ----A---- C:\WINDOWS\system32\avtapi.dll

2009-07-07 09:04:15 ----A---- C:\WINDOWS\system32\avmeter.dll

2009-07-07 09:04:10 ----A---- C:\WINDOWS\system32\getuname.dll

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\tslabels.ini

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\tskill.exe

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\tscon.exe

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\reset.exe

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\charmap.exe

2009-07-07 09:04:09 ----A---- C:\WINDOWS\system32\calc.exe

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\shadow.exe

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\rwinsta.exe

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\regini.exe

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\qwinsta.exe

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\qappsrv.exe

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\msg.exe

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\logoff.exe

2009-07-07 09:04:08 ----A---- C:\WINDOWS\system32\cdmodem.dll

2009-07-07 09:04:07 ----A---- C:\WINDOWS\system32\stclient.dll

2009-07-07 09:04:07 ----A---- C:\WINDOWS\system32\mtxlegih.dll

2009-07-07 09:04:07 ----A---- C:\WINDOWS\system32\mtxex.dll

2009-07-07 09:04:07 ----A---- C:\WINDOWS\system32\mtxdm.dll

2009-07-07 09:04:07 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2009-07-07 09:04:07 ----A---- C:\WINDOWS\system32\comrepl.dll

2009-07-07 09:04:07 ----A---- C:\WINDOWS\system32\comaddin.dll

2009-07-07 09:04:06 ----A---- C:\WINDOWS\system32\comsnap.dll

2009-07-07 09:04:02 ----A---- C:\WINDOWS\system32\wmimgmt.msc

2009-07-07 09:04:01 ----D---- C:\Program Files\Windows NT

2009-07-07 09:04:01 ----A---- C:\WINDOWS\system32\sndrec32.exe

2009-07-07 09:04:01 ----A---- C:\WINDOWS\system32\mplay32.exe

2009-07-07 09:04:01 ----A---- C:\WINDOWS\system32\hypertrm.dll

2009-07-07 09:04:01 ----A---- C:\WINDOWS\system32\accwiz.exe

2009-07-07 09:04:00 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

2009-07-07 09:04:00 ----A---- C:\WINDOWS\system32\mspaint.exe

2009-07-07 09:04:00 ----A---- C:\WINDOWS\system32\clipbrd.exe

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\tscupgrd.exe

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\termsrv.dll

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\sessmgr.exe

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\remotepg.dll

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\rdshost.exe

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\rdchost.dll

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\mstscax.dll

2009-07-07 09:03:59 ----A---- C:\WINDOWS\system32\mstsc.exe

2009-07-07 09:03:58 ----D---- C:\WINDOWS\system32\MsDtc

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\rdpsnd.dll

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\rdpclip.exe

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\qprocess.exe

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\mtxoci.dll

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\icaapi.dll

2009-07-07 09:03:58 ----A---- C:\WINDOWS\system32\cfgbkend.dll

2009-07-07 09:03:57 ----A---- C:\WINDOWS\system32\xolehlp.dll

2009-07-07 09:03:57 ----A---- C:\WINDOWS\system32\msdtctm.dll

2009-07-07 09:03:57 ----A---- C:\WINDOWS\system32\msdtclog.dll

2009-07-07 09:03:57 ----A---- C:\WINDOWS\system32\msdtc.exe

2009-07-07 09:03:56 ----D---- C:\WINDOWS\system32\Com

2009-07-07 09:03:56 ----A---- C:\WINDOWS\system32\comsvcs.dll

2009-07-07 09:03:56 ----A---- C:\WINDOWS\system32\colbact.dll

2009-07-07 09:03:56 ----A---- C:\WINDOWS\system32\clbcatex.dll

2009-07-07 09:03:56 ----A---- C:\WINDOWS\system32\catsrvut.dll

2009-07-07 09:03:56 ----A---- C:\WINDOWS\system32\catsrvps.dll

2009-07-07 09:03:56 ----A---- C:\WINDOWS\system32\catsrv.dll

2009-07-07 09:03:55 ----A---- C:\WINDOWS\system32\comuid.dll

2009-07-07 09:03:55 ----A---- C:\WINDOWS\system32\clbcatq.dll

2009-07-07 09:03:50 ----A---- C:\WINDOWS\system32\servdeps.dll

2009-07-07 09:03:50 ----A---- C:\WINDOWS\system32\mmfutil.dll

2009-07-07 09:03:50 ----A---- C:\WINDOWS\system32\licwmi.dll

2009-07-07 09:03:50 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 3 months======

2009-07-14 01:50:23 ----A---- C:\WINDOWS\win.ini

2009-07-14 01:50:23 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2005-10-15 36096]

R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

R3 cwcspud;Crystal SoundFusion(tm) Driver; C:\WINDOWS\system32\drivers\cwcspud.sys [2001-08-17 111872]

R3 cwcwdm;Crystal SoundFusion(tm) WDM Driver; C:\WINDOWS\system32\drivers\cwcwdm.sys [2001-08-17 93952]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-10-13 138752]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-23 27008]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2005-10-15 57856]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2007-10-16 208384]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-10-15 31744]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 26368]

S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2008-02-08 227856]

R2 DF5Serv;DF5Serv; C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe [2007-10-25 430080]

R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-07 152984]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe [2009-07-09 300656]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-13 182768]

S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2005-09-02 163840]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-11-24 38912]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------
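For anyone reading the RSIT driver and service list above: the entries worth a second look are the ones RSIT prints with empty brackets [] (it could not read the file's date and size, so the file is missing, hidden or protected from reading) and the ones registered with a native \??\ path instead of a plain DOS path. The Python script below is an added example written for this page, not a tool from the thread or from RSIT; it parses RSIT's own line format and lists such entries with the reason. It only ranks entries for review: on this machine klif.sys is Kaspersky's own self-protected filter driver and IntelIde is a disabled (S4) driver, while RKHit.sys is the one Malwarebytes names Rogue.SpywareCease later in the thread. The sample lines are copied from the report above.

```python
import re
from dataclasses import dataclass

# Constructed sample in RSIT's own driver/service line format, copied from the
# report above: "<R|S><start> <name>;<display name>; <path> [<date> <size>]".
# The brackets are empty when RSIT could not read the file's date and size.
SAMPLE_RSIT = r"""
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-11 714240]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2005-10-15 57856]
S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 DF5Serv;DF5Serv; C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe [2007-10-25 430080]
"""

LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")


@dataclass
class Entry:
    running: bool
    start: int      # 0=Boot 1=System 2=Auto 3=Demand 4=Disabled (RSIT's legend)
    name: str
    display: str
    path: str
    stamp: str      # "YYYY-MM-DD size", or "" when RSIT could not stat the file


def parse_rsit(text: str) -> list:
    """Parse every driver/service line RSIT prints; lines in another format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1) == "R", int(m.group(2)),
                                 m.group(3), m.group(4), m.group(5), m.group(6)))
    return entries


def review(e: Entry) -> list:
    """Reasons this entry deserves a manual look; an empty list means nothing stood out."""
    reasons = []
    if e.stamp == "":
        reasons.append("file date/size unreadable: missing, hidden or self-protected")
    if e.path.startswith("\\??\\"):
        reasons.append("native \\??\\ path, registered by hand rather than by a driver installer")
    # A display name identical to the service name is only worth noting when
    # something else is already odd; plenty of legitimate drivers do the same.
    if reasons and e.name.lower() == e.display.lower():
        reasons.append("no descriptive display name")
    return reasons


def triage(text: str) -> dict:
    """Map service/driver name -> reasons, for every entry with at least one reason."""
    flagged = {}
    for e in parse_rsit(text):
        reasons = review(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RSIT).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run it against the full "List of drivers" and "List of services" sections pasted into a file; the names it prints are the ones to cross-check against the Malwarebytes and Kaspersky results before deleting anything.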

Anonyme
Posted on 15/07/2009 at 00:02
Nouvel astucien

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:17, on 14/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\LClock\LClock.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\Program Files\Yahoo!\Messenger\yupdater.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\DAP\DAP.EXE

D:\mobile quran\mbam-setup.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-06498.tmp\mbam-setup.tmp

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

D:\mobile quran\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [LClock] C:\WINDOWS\LClock\LClock.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')

O4 - .DEFAULT User Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (User 'Default user')

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--

End of file - 8632 bytes

Malwarebytes report

Malwarebytes' Anti-Malware 1.39

Database version: 2428

Windows 5.1.2600 Service Pack 2

14/07/2009 19:36:21

mbam-log-2009-07-14 (19-36-05).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 124213

Time elapsed: 31 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 3

Files Infected: 28

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware cease_is1 (Rogue.SpywareCease) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.

HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Spyware Cease (Rogue.SpywareCease) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

C:\Program Files\Spyware Cease (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\update (Rogue.SpywareCease) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Cease (Rogue.SpywareCease) -> No action taken.

Files Infected:

c:\program files\spyware cease\update\SpywareCease_Setup.exe (Rogue.SpywareCease) -> No action taken.

c:\system volume information\_restore{446b645f-87df-4557-b079-fbd568e8efa9}\RP12\A0000267.exe (Rogue.SpywareCease) -> No action taken.

c:\WINDOWS\system32\FlushCode.exe (Trojan.Downloader) -> No action taken.

c:\WINDOWS\system32\drivers\RKHit.sys (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\AutoUpdate.exe (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\DefendLog.txt (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\hrdb.hrl (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\ls.dat (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\LSR.lsr (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\md5.dll (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\mtools.dll (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\networkdll.dll (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\opfile.dll (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\rgp.tmp (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\RkHitApi.dll (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\SFL.dll (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\spkdll.dll (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\SpywareCease.chm (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\SpywareCease.exe (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\SpywareCease.url (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\swdb.ssk (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\unins000.dat (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\unins000.exe (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\zlib1.dll (Rogue.SpywareCease) -> No action taken.

c:\program files\spyware cease\update\Update.ini (Rogue.SpywareCease) -> No action taken.

c:\documents and settings\all users\start menu\Programs\spyware cease\Spyware Cease on the Web.lnk (Rogue.SpywareCease) -> No action taken.

c:\documents and settings\all users\start menu\Programs\spyware cease\Spyware Cease.lnk (Rogue.SpywareCease) -> No action taken.

c:\documents and settings\all users\start menu\Programs\spyware cease\Uninstall Spyware Cease.lnk (Rogue.SpywareCease) -> No action taken.

rapport kaspersky (version obsoléte,

découvert : application présentant un risque potentiel Hidden install Le processus: C:\Documents and Settings\Administrator\Local Settings\Temp\fox17.tmp\Foxit Reader Setup.exe

supprimé : virus Net-Worm.Win32.Kido.ih Le fichier: H:\Autorun.inf

supprimé : virus Virus.Win32.Sality.aa Le fichier: \\P06\SharedDocs\camfrog.exe

découvert : application présentant un risque potentiel Hidden install Le processus: C:\Program Files\Yahoo!\Messenger\yupdater.exe

découvert : application présentant un risque potentiel Invader Le processus: C:\WINDOWS\system32\svchost.exe

découvert : application présentant un risque potentiel not-a-virus:RiskTool.Win32.Reboot.g Le fichier: C:\System Volume Information\_restore{446B645F-87DF-4557-B079-FBD568E8EFA9}\RP10\A0000191.exe

découvert : application présentant un risque potentiel not-a-virus:RiskTool.Win32.HideWindows Le fichier: C:\System Volume Information\_restore{446B645F-87DF-4557-B079-FBD568E8EFA9}\RP12\A0000233.exe

découvert : application présentant un risque potentiel not-a-virus:RiskTool.Win32.PsKill.au Le fichier: C:\System Volume Information\_restore{446B645F-87DF-4557-B079-FBD568E8EFA9}\RP12\A0009402.exe

découvert : logiciel publicitaire not-a-virus:AdWare.Win32.Dm.wf Le fichier: C:\System Volume Information\_restore{446B645F-87DF-4557-B079-FBD568E8EFA9}\RP12\A0000231.exe

There you go....

you have the 4 reports sent by PM.... I don't yet have the qualifications required for a worm like Kido....

the little critters... those are fine, but if the worm is still there, it will be too much for me; let's be reasonable and not skip any steps

thank you in advance on behalf of the requester; I'll let him know by PM, I'm following the thread, and can be around just for Kaspersky if needed



Edited by Anonyme on 15/07/2009 00:02
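The Kaspersky lines in the post above follow one fixed shape per finding, and a helper reading them wants three answers fast: what was actually deleted, what is only detected and still on disk, and what sits inside System Restore snapshots (files under System Volume Information, which on-access cleaning cannot touch and which are usually dealt with by purging restore points once the machine is clean). The following parser, an added example that is neither Kaspersky's nor the forum's code, takes the report lines from the post verbatim as its sample input and sorts them into those buckets; the French status and category words are kept because they are the literal strings the product prints.

```python
"""Triage helper for Kaspersky-style French report lines (added example).

Each finding is printed as
    <status> : <category> <detection name> Le fichier|Le processus: <path>
where status is 'découvert' (only detected) or 'supprimé' (deleted).
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Sample input: the lines from the Kaspersky report posted above, verbatim.
REPORT = r"""
découvert : application présentant un risque potentiel Hidden install Le processus: C:\Documents and Settings\Administrator\Local Settings\Temp\fox17.tmp\Foxit Reader Setup.exe
supprimé : virus Net-Worm.Win32.Kido.ih Le fichier: H:\Autorun.inf
supprimé : virus Virus.Win32.Sality.aa Le fichier: \\P06\SharedDocs\camfrog.exe
découvert : application présentant un risque potentiel Hidden install Le processus: C:\Program Files\Yahoo!\Messenger\yupdater.exe
découvert : application présentant un risque potentiel Invader Le processus: C:\WINDOWS\system32\svchost.exe
découvert : application présentant un risque potentiel not-a-virus:RiskTool.Win32.Reboot.g Le fichier: C:\System Volume Information\_restore{446B645F-87DF-4557-B079-FBD568E8EFA9}\RP10\A0000191.exe
découvert : application présentant un risque potentiel not-a-virus:RiskTool.Win32.HideWindows Le fichier: C:\System Volume Information\_restore{446B645F-87DF-4557-B079-FBD568E8EFA9}\RP12\A0000233.exe
découvert : application présentant un risque potentiel not-a-virus:RiskTool.Win32.PsKill.au Le fichier: C:\System Volume Information\_restore{446B645F-87DF-4557-B079-FBD568E8EFA9}\RP12\A0009402.exe
découvert : logiciel publicitaire not-a-virus:AdWare.Win32.Dm.wf Le fichier: C:\System Volume Information\_restore{446B645F-87DF-4557-B079-FBD568E8EFA9}\RP12\A0000231.exe
"""

LINE_RE = re.compile(
    r"^(?P<status>découvert|supprimé)\s*:\s*"
    r"(?P<body>.+?)\s+Le (?P<kind>fichier|processus):\s*(?P<path>.+?)\s*$"
)
# Category phrases Kaspersky prints before the detection name (as seen in the
# report); the longer ones come first so a prefix test cannot mis-split them.
CATEGORIES = (
    "application présentant un risque potentiel",
    "logiciel publicitaire",
    "virus",
)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)
ROOT_AUTORUN_RE = re.compile(r"^[A-Z]:\\autorun\.inf$", re.IGNORECASE)


class Finding(NamedTuple):
    status: str    # 'découvert' or 'supprimé'
    category: str  # one of CATEGORIES, or 'inconnu' if the line used a new phrase
    name: str      # detection name, e.g. Net-Worm.Win32.Kido.ih
    kind: str      # 'fichier' or 'processus'
    path: str


def parse_line(line: str) -> Optional[Finding]:
    """Parse one report line; returns None for lines that are not findings."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    for category in CATEGORIES:
        if body.startswith(category):
            name = body[len(category):].strip()
            break
    else:
        category, name = "inconnu", body
    return Finding(m["status"], category, name, m["kind"], m["path"])


def parse_report(text: str) -> List[Finding]:
    return [f for f in (parse_line(l) for l in text.splitlines()) if f is not None]


def in_restore_point(path: str) -> bool:
    """True for files inside a System Restore snapshot directory."""
    return bool(RESTORE_RE.search(path))


def is_root_autorun(path: str) -> bool:
    """True for an autorun.inf at a drive root, the classic removable-media infector."""
    return bool(ROOT_AUTORUN_RE.match(path))


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Bucket findings by what a helper has to do about them."""
    buckets: Dict[str, List[Finding]] = {"removed": [], "restore_point": [], "still_present": []}
    for f in findings:
        if f.status == "supprimé":
            buckets["removed"].append(f)
        elif in_restore_point(f.path):
            buckets["restore_point"].append(f)
        else:
            buckets["still_present"].append(f)
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(parse_report(REPORT)).items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            flag = "  [drive-root autorun.inf]" if is_root_autorun(f.path) else ""
            print(f"  {f.name} ({f.kind}) {f.path}{flag}")
```

Run stand-alone it prints the three buckets; on the report above that is 2 removed (including the H:\Autorun.inf Kido file), 4 restore-point entries, and 3 findings still present, which is the same reading the poster gave ("unwanted items in System Restore, and others elsewhere"), only mechanical.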
Fill
Posted on 15/07/2009 at 00:55
Security Group

Hi,

We start by treating the removable drives. Plug in your USB keys and your external hard drive.

Use Findykill option 1 with the help of this tutorial.

Post the report.

Fill
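Why removable drives come first: the Kaspersky report in this thread shows the worm's infector as an autorun.inf at the root of drive H:, and every key or external disk plugged into an infected machine can carry the same file back to the next PC. The script below is an added example (it is not Findykill's code nor the forum's) of the check a helper would want before and after cleaning: look at the root of a volume for an autorun.inf, parse its [autorun] section tolerantly, and report whether it contains a key that launches a program. It reads and reports only, deletes nothing, and the sample autorun.inf it writes into a temporary directory is constructed for the demo, not the worm's real file.

```python
"""Report autorun.inf files at a volume root that would launch a program (added example)."""
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# [autorun] keys that make Windows run something when the volume is inserted
# or its root opened. Icon/label keys are cosmetic and are not listed here.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")
# Launch values that point at code rather than a document: executable extensions,
# rundll32, or a payload hidden under the recycle-bin / restore folders.
SUSPICIOUS_VALUE = re.compile(
    r"(rundll32|\.(exe|dll|scr|com|bat|cmd|vbs|js|pif)\b|recycler|system volume information)",
    re.IGNORECASE,
)

# Constructed sample in the shape of an autorun-worm infector: mixed-case
# section name, a comment line, spaces around '=', and a launch line that
# points into RECYCLER. Not a real worm's file.
SAMPLE_AUTORUN = (
    "[AutoRun]\r\n"
    ";random junk\r\n"
    "Icon = %SystemRoot%\\system32\\shell32.dll,4\r\n"
    "Action=Open folder to view files\r\n"
    "shellexecute = RUNDLL32.EXE .\\RECYCLER\\payload.dll,Start\r\n"
)


def parse_autorun(text: str) -> Dict[str, str]:
    """Tolerant INI parse of the [autorun] section only.

    Keys are lower-cased and stripped, NUL padding and junk lines are ignored,
    and parsing stops at the next section header.
    """
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.replace("\x00", "").strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess(entries: Dict[str, str]) -> List[str]:
    """Return one reason per launch key found, tagged high when the target looks like code."""
    reasons = []
    for key in LAUNCH_KEYS:
        if key in entries:
            value = entries[key]
            severity = "high" if SUSPICIOUS_VALUE.search(value) else "medium"
            reasons.append(f"{severity}: {key}={value}")
    return reasons


def inspect_volume(root: Path) -> Dict[str, object]:
    """Look for autorun.inf at a volume root, case-insensitively, hidden or not."""
    match = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if match is None:
        return {"volume": str(root), "present": False, "entries": {}, "reasons": []}
    # Read as bytes and decode leniently: worm-dropped files often carry binary
    # padding that a strict text decoder would reject.
    text = match.read_bytes().decode("latin-1")
    entries = parse_autorun(text)
    return {"volume": str(root), "present": True, "entries": entries, "reasons": assess(entries)}


def demo(write_sample: bool = True) -> Dict[str, object]:
    """Build a throwaway 'volume' root, with or without the constructed sample, and inspect it."""
    root = Path(tempfile.mkdtemp(prefix="vol_"))
    if write_sample:
        (root / "Autorun.inf").write_bytes(SAMPLE_AUTORUN.encode("latin-1"))
    return inspect_volume(root)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

On a real machine you would call `inspect_volume(Path("H:\\"))` for each mounted removable volume; a "high" reason on a freshly inserted key is the signal to keep it isolated until the cleaning tool has run, and a file that reappears after cleaning means a machine on the network is still infected.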

Anonyme
Posted on 15/07/2009 at 01:19
New astucien

good evening and thank you Fill,

I contacted the requester by PM to give him the link to this topic,

If I received these reports by PM, it's surely because this procedure was applied, and the requester found it simpler (wrongly) to contact the author of the tutorial,

since I'm the one who opened this topic, you'll give me the go-ahead to close it at the end, and possibly I'll change the title if needed

good night Fill



Edited by Anonyme on 15/07/2009 01:20
Anonyme
Posted on 15/07/2009 at 11:05
New astucien

Hello everyone,

Fill

I just received this....

---- Original message ----
good evening australien :) I hope you have found a solution for me, knowing that all my PCs in a cyber cafe are infected by this virus and the customers are complaining about where the sound has gone.... study my reports well mr australien and thank you very much for helping me, your friend sssscooter

I replied

re, here is the link to the topic you'll need to go to for help, click on the link,

https://forum.pcastuces.com/sujet.asp?f=25&s=49255

But I've just realised this: the requester is already being taken care of..... duplicates

let me know whether I should close this topic or the requester should close the other one

Regards



Edited by Anonyme on 15/07/2009 11:08
Fill
Posted on 15/07/2009 at 11:10
Security Group

Hi,

OK. I had gone over the report a bit quickly, and at first I hadn't seen that the XP was exotic, even though, on rereading, you had mentioned it

Given the nature of the OS, which is vulnerable, I'm not sure there is a solution, because the vulnerability may well not be patchable. Not a great policy for a cybercafé.

Fill

Anonyme
Posted on 15/07/2009 at 11:17
New astucien

Ok..... I'm glad, because I think the same as you......

Given the nature of the OS, which is vulnerable, I'm not sure there is a solution, because the vulnerability may well not be patchable. Not a great policy for a cybercafé.

right, I'll point Chrifleur to the link of this topic and he'll decide what to do next, and we'll see the requester's replies...

I'll close this one since I'm the one who opened it..... (a bit quickly; I should have checked the requester's profile first, I'd have seen his posted topics)

thanks again

L'australien alias le kangourou



Edited by Anonyme on 15/07/2009 11:18
chrifleur
Posted on 15/07/2009 at 21:59
Security Group

Fill wrote:

Given the nature of the OS, which is vulnerable, I'm not sure there is a solution, because the vulnerability may well not be patchable. Not a great policy for a cybercafé.

+1
