Trojan.Generic Help :S

Report analysis and disinfection section: malware of all kinds and other unwanted software. Cleanup requests only. Restricted handling: specialised team.


Forum rules:
  • Disinfections are handled by a specific group; not everyone may step in to disinfect machines (rules).
  • The procedures are tailored to each machine; don't do the same thing on your own (explanations).
  • One topic per machine; everyone creates their own. ;)

Trojan.Generic Help :S

Post by Vamos » 26 Mar 2010 10:47

Hello, here is my problem...

Yesterday I downloaded a piece of software (Burning Board), not knowing it was paid software. I typed
"Download Burning Board" on the net, I saw something, I downloaded it, I received the application with no startup permission (whereas it should have asked for it... judging by the icon). While I was trying to delete this "software", which must be a script, it started up: total "mess"...

So I ran a Spyware Doctor scan; it detected 6 dangerous things.
I downloaded Spybot Search & Destroy, which will remove the cookies etc. The problem
is the following: Internet Explorer no longer works (Vzd / Vzp / Vzc). 3 trojans were removed but
some remain and 2 keep coming back...

There would be the following Win32 file: 1 infected file was detected!
-----------------------------------

C:\Windows\System32\sshnas21.dll - Trojan.FakeAV.Agent.I
--> Processus rundll32.exe (208)

---
Then with Spybot Search and Destroy [DoubleClick] and [Statcounter], my PC starts to bug out

and in the processes I see a Winlogon.exe that doesn't look normal to me, and some things have changed on the C drive :(

Help please

(Windows Seven, 4 GB RAM, the computer itself is 1 week old)

Re: Trojan.Generic Help :S

Post by Falkra » 26 Mar 2010 10:52

Hello, this belongs in the disinfection section; I'm moving the topic.

Re: Trojan.Generic Help :S

Post by Falkra » 26 Mar 2010 10:53

Forget Spybot and Spyware Doctor, they are obsolete and ineffective in these situations.
We'll use more capable tools. Don't delete anything for now.


Disable TeaTimer in Spybot right now, it can prevent the disinfection. ;)
To do this through Spybot's options: go to the "Mode" menu => check "Advanced mode" => "Tools" (at the bottom of the page) => "Resident" => and untick this box: "Resident TeaTimer".

Download random's system information tool (RSIT) by random/random and save it to the Desktop. This tool will take stock of the system and read the configuration, like HijackThis, but in more detail.
  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<< which will be displayed) as well as info.txt (<< which will be minimised in the taskbar).
  • NB: The reports are saved in the C:\rsit folder
    So that makes two reports. Since they're long, you can post 2 replies, one per report. ;-)
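Falkra asks for the RSIT/HijackThis log so the machine's configuration can be read. As an added example (not code from the thread, from RSIT or from HijackThis), here is a small Python triage pass over HijackThis-style log lines, with sample lines constructed from the log Vamos posts below; the default-host allowlist, the AV-flagged file name and the function names (triage, host_of) are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied in shape from the HijackThis log posted in
# this thread (the Canaveral/sshnas21.dll autorun, the bigseekpro start page and
# the orphaned CLSIDs are the entries a helper would look at first).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{FF8BA809-851E-4D11-B6C4-F57E2C981EE4}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
End of file - 8643 bytes
"""

# Assumptions for this example: Microsoft's default IE start/search hosts, and
# the one file name the user's AV already flagged (quoted earlier in the thread).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
AV_FLAGGED_FILES = {"sshnas21.dll"}

# HijackThis lines start with a section code (R0, R1, O2, O4, O23, ...).
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    code: str
    line: str
    reasons: list = field(default_factory=list)


def host_of(url: str) -> str:
    """Return the lowercased host of an http(s) URL, or '' if there is none."""
    m = re.search(r"https?://([^/\s]+)", url)
    return m.group(1).lower() if m else ""


def triage(log_text: str) -> list:
    """Flag HijackThis-style lines a helper should review; benign lines are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        low = body.lower()
        reasons = []
        # A file the AV already named: every place it is still wired in matters,
        # because that is how it comes back after each "removal".
        for name in AV_FLAGGED_FILES:
            if name in low:
                reasons.append(f"references AV-flagged file {name}")
        # R0/R1: IE start or search page pointing away from Microsoft's defaults.
        if code in ("R0", "R1") and "=" in body:
            host = host_of(body.split("=", 1)[1])
            if host and host not in DEFAULT_IE_HOSTS:
                reasons.append(f"IE page hijacked to {host}")
        # R3/O2/O3: a CLSID registered with no file behind it (leftover hook/BHO).
        if code in ("R3", "O2", "O3") and low.endswith("(no file)"):
            reasons.append("orphaned CLSID with no file")
        # O4: autorun that goes through rundll32.exe to load a DLL export.
        if code == "O4" and "rundll32.exe" in low:
            reasons.append("autorun loads a DLL via rundll32.exe")
        # O23: service whose publisher HijackThis could not identify.
        if code == "O23" and "unknown owner" in low:
            reasons.append("service with unknown owner")
        if reasons:
            findings.append(Finding(code, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, "|", "; ".join(f.reasons))
        print("   ", f.line)
```

Entries like the Kaspersky AVP autorun and the Java BHO are left alone; a line such as the Canaveral one collects two reasons at once, which is the kind of entry that explains why the trojan "keeps coming back".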

Re: Trojan.Generic Help :S

Post by Vamos » 26 Mar 2010 10:59

log.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by Vamos at 2010-03-26 10:25:52
Microsoft Windows 7 Professionnel
System drive C: has 240 GB (79%) free of 305 GB
Total RAM: 3583 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:09, on 26.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vamos\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Vamos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/%7BF ... C981EE4%7D
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{FF8BA809-851E-4D11-B6C4-F57E2C981EE4}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vamos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
End of file - 8643 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3011667035-269395239-3036896157-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3011667035-269395239-3036896157-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2010-03-09 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2009-03-31 5748736]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-14 98304]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"SWPROguard"=C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe [2010-03-11 586376]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-01-18 1286608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Google Update"=C:\Users\Vamos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 135664]
"Steam"=c:\program files\valve\steam\steam.exe [2010-03-16 1217872]
"Canaveral"=C:\Windows\system32\sshnas21.dll [2010-03-25 198144]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Users\Vamos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b699769a-2be5-11df-80fb-806e6f6e6963}]
shell\AutoRun\command - D:\autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-26 10:13:23 ----D---- C:\rsit
2010-03-26 10:13:23 ----D---- C:\Program Files\trend micro
2010-03-25 21:53:11 ----D---- C:\Users\Vamos\AppData\Roaming\QuickScan
2010-03-25 18:27:14 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-25 18:27:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-25 16:47:48 ----D---- C:\Users\Vamos\AppData\Roaming\Common Toolkit Suite
2010-03-25 16:47:41 ----D---- C:\ProgramData\clp
2010-03-25 16:47:33 ----D---- C:\ProgramData\Common Toolkit Suite
2010-03-25 16:47:33 ----D---- C:\Program Files\Fighters
2010-03-25 16:47:33 ----D---- C:\Program Files\Common Files\Common Toolkit Suite
2010-03-25 16:47:03 ----HDC---- C:\ProgramData\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-03-25 16:46:32 ----D---- C:\Users\Vamos\AppData\Roaming\Fighters
2010-03-25 12:09:41 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-25 12:09:41 ----A---- C:\Windows\PCTBDRes.dll
2010-03-25 12:09:41 ----A---- C:\Windows\PCTBDCore.dll.old
2010-03-25 12:09:41 ----A---- C:\Windows\PCTBDCore.dll
2010-03-25 12:09:41 ----A---- C:\Windows\BDTSupport.dll.old
2010-03-25 12:09:41 ----A---- C:\Windows\BDTSupport.dll
2010-03-25 12:07:14 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-25 12:07:13 ----D---- C:\Users\Vamos\AppData\Roaming\PC Tools
2010-03-25 12:07:13 ----D---- C:\ProgramData\PC Tools
2010-03-25 12:07:13 ----D---- C:\Program Files\Spyware Doctor
2010-03-25 12:06:55 ----AD---- C:\ProgramData\TEMP
2010-03-25 11:49:53 ----A---- C:\Windows\system32\sshnas21.dll
2010-03-24 21:46:40 ----D---- C:\Program Files\No-IP
2010-03-23 11:59:34 ----D---- C:\Program Files\CR-TEKnologies
2010-03-18 20:19:23 ----D---- C:\ProgramData\Sony
2010-03-18 20:19:17 ----D---- C:\Program Files\Sony
2010-03-18 19:41:23 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-03-18 19:40:57 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-03-18 19:31:37 ----D---- C:\Program Files\Movie Maker 2.6
2010-03-18 18:05:15 ----D---- C:\Program Files\VirtualDJ
2010-03-17 23:00:12 ----A---- C:\Windows\system32\msonpmon.dll
2010-03-17 15:14:17 ----D---- C:\Program Files\HyCam2
2010-03-16 20:26:40 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-03-16 19:59:10 ----D---- C:\Program Files\Eidos
2010-03-16 19:45:52 ----D---- C:\Program Files\SpeedFan
2010-03-16 17:59:59 ----D---- C:\Windows\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP
2010-03-16 17:53:08 ----D---- C:\Program Files\Common Files\Steam
2010-03-16 17:47:14 ----D---- C:\Program Files\Valve
2010-03-15 19:40:52 ----D---- C:\Users\Vamos\AppData\Roaming\TS3Client
2010-03-15 19:39:45 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-03-15 14:56:48 ----D---- C:\Fraps
2010-03-15 13:40:24 ----D---- C:\ProgramData\Office Genuine Advantage
2010-03-15 13:13:27 ----A---- C:\Windows\system32\MRT.exe
2010-03-15 13:13:08 ----D---- C:\Program Files\MSXML 4.0
2010-03-14 14:16:03 ----D---- C:\ProgramData\Age of Empires 3
2010-03-14 14:14:48 ----D---- C:\Program Files\Common Files\Microsoft Games
2010-03-14 14:14:42 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-03-14 14:14:41 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-03-14 14:06:01 ----D---- C:\Program Files\Microsoft Games
2010-03-11 22:38:28 ----D---- C:\Program Files\QS
2010-03-11 22:38:23 ----D---- C:\Users\Vamos\AppData\Roaming\TeamViewer
2010-03-10 22:33:11 ----D---- C:\Program Files\WinSCP
2010-03-10 22:27:52 ----A---- C:\Windows\system32\libmysql_d.dll
2010-03-10 22:27:49 ----D---- C:\Program Files\PremiumSoft
2010-03-10 21:08:26 ----D---- C:\Program Files\Hamachi
2010-03-10 21:06:40 ----HD---- C:\ProgramData\CanonBJ
2010-03-10 21:06:04 ----A---- C:\Windows\system32\CNMLM9E.DLL
2010-03-10 20:07:16 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-10 20:04:10 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-10 19:59:15 ----D---- C:\Windows\system32\appmgmt
2010-03-10 17:08:21 ----D---- C:\Users\Vamos\AppData\Roaming\Hamachi
2010-03-10 17:00:24 ----D---- C:\Program Files\Common Files\PC SOFT
2010-03-10 16:42:38 ----D---- C:\ProgramData\COMODO
2010-03-10 16:37:45 ----D---- C:\ProgramData\Comodo Downloader
2010-03-10 16:17:59 ----D---- C:\Program Files\Microsoft Virtual PC
2010-03-10 15:39:33 ----D---- C:\Program Files\Landwirtschafts-Simulator 2009 Demo
2010-03-10 14:39:28 ----D---- C:\Program Files\Legend of MT2
2010-03-10 14:13:05 ----D---- C:\Users\Vamos\AppData\Roaming\Mozilla
2010-03-10 14:12:58 ----D---- C:\Users\Vamos\AppData\Roaming\LimeWire
2010-03-10 14:09:57 ----D---- C:\ProgramData\Sun
2010-03-10 14:09:56 ----D---- C:\Program Files\Common Files\Java
2010-03-10 14:09:49 ----A---- C:\Windows\system32\javaws.exe
2010-03-10 14:09:49 ----A---- C:\Windows\system32\javaw.exe
2010-03-10 14:09:49 ----A---- C:\Windows\system32\java.exe
2010-03-10 14:09:49 ----A---- C:\Windows\system32\deploytk.dll
2010-03-10 14:09:43 ----D---- C:\Program Files\Java
2010-03-10 14:09:23 ----D---- C:\Program Files\LimeWire
2010-03-10 14:01:51 ----D---- C:\Users\Vamos\AppData\Roaming\WinRAR
2010-03-10 13:54:25 ----D---- C:\Program Files\WinRAR
2010-03-10 13:45:48 ----D---- C:\Program Files\Ask.com
2010-03-10 13:44:33 ----D---- C:\Users\Vamos\AppData\Roaming\uTorrent
2010-03-10 12:29:42 ----D---- C:\Program Files\Windows Virtual PC
2010-03-10 12:28:48 ----A---- C:\Windows\system32\vpchbuspipe.dll
2010-03-10 12:28:45 ----A---- C:\Windows\system32\VPCWizard.exe
2010-03-10 12:28:45 ----A---- C:\Windows\system32\VPCSettings.exe
2010-03-10 12:28:45 ----A---- C:\Windows\system32\VMWindow.exe
2010-03-10 12:28:45 ----A---- C:\Windows\system32\vmsal.exe
2010-03-10 12:28:45 ----A---- C:\Windows\system32\VMCPropertyHandler.dll
2010-03-10 12:28:43 ----A---- C:\Windows\system32\vpc.exe
2010-03-10 12:05:34 ----A---- C:\Windows\system32\msasn1.dll
2010-03-10 12:05:33 ----A---- C:\Windows\system32\wmp.dll
2010-03-10 12:05:33 ----A---- C:\Windows\system32\winresume.exe
2010-03-10 12:05:33 ----A---- C:\Windows\system32\winload.exe
2010-03-10 12:05:33 ----A---- C:\Windows\system32\CertEnroll.dll
2010-03-10 12:05:32 ----A---- C:\Windows\system32\wmploc.DLL
2010-03-10 12:05:20 ----A---- C:\Windows\system32\jscript.dll
2010-03-10 12:05:16 ----A---- C:\Windows\system32\t2embed.dll
2010-03-10 12:05:16 ----A---- C:\Windows\system32\fontsub.dll
2010-03-10 12:05:16 ----A---- C:\Windows\system32\atmfd.dll
2010-03-10 12:05:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-10 12:05:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-03-10 12:05:15 ----A---- C:\Windows\system32\kernel32.dll
2010-03-10 12:05:15 ----A---- C:\Windows\system32\apphelp.dll
2010-03-10 12:05:14 ----A---- C:\Windows\system32\tsbyuv.dll
2010-03-10 12:05:14 ----A---- C:\Windows\system32\quartz.dll
2010-03-10 12:05:14 ----A---- C:\Windows\system32\msyuv.dll
2010-03-10 12:05:14 ----A---- C:\Windows\system32\msvidc32.dll
2010-03-10 12:05:14 ----A---- C:\Windows\system32\msrle32.dll
2010-03-10 12:05:14 ----A---- C:\Windows\system32\mciavi32.dll
2010-03-10 12:05:14 ----A---- C:\Windows\system32\iyuv_32.dll
2010-03-10 12:05:14 ----A---- C:\Windows\system32\avifil32.dll
2010-03-10 12:05:13 ----A---- C:\Windows\system32\mshtml.dll
2010-03-10 12:05:13 ----A---- C:\Windows\system32\ieframe.dll
2010-03-10 12:05:12 ----A---- C:\Windows\system32\wininet.dll
2010-03-10 12:05:12 ----A---- C:\Windows\system32\urlmon.dll
2010-03-10 12:05:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-10 12:05:12 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-10 12:05:06 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-10 12:05:06 ----A---- C:\Windows\system32\msdri.dll
2010-03-10 12:05:06 ----A---- C:\Windows\system32\CPFilters.dll
2010-03-10 12:05:02 ----A---- C:\Windows\system32\tzres.dll
2010-03-10 12:04:59 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-10 12:04:59 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-03-10 12:04:59 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-10 12:04:59 ----A---- C:\Windows\system32\secproc.dll
2010-03-10 12:04:59 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-10 12:04:59 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-10 12:04:59 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-10 12:04:59 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-10 12:04:55 ----A---- C:\Windows\system32\winlogon.exe
2010-03-10 12:04:55 ----A---- C:\Windows\explorer.exe
2010-03-10 08:27:47 ----D---- C:\ProgramData\Adobe
2010-03-10 08:27:44 ----D---- C:\Program Files\Common Files\Adobe
2010-03-10 08:27:44 ----D---- C:\Program Files\Adobe
2010-03-10 02:45:04 ----D---- C:\Windows\SoftwareDistribution
2010-03-09 21:12:06 ----D---- C:\Program Files\LogMeIn Hamachi
2010-03-09 21:09:23 ----D---- C:\wamp
2010-03-09 21:07:17 ----D---- C:\Users\Vamos\AppData\Roaming\Notepad++
2010-03-09 21:07:17 ----D---- C:\Program Files\Notepad++
2010-03-09 19:11:49 ----D---- C:\PFiles
2010-03-09 19:05:30 ----D---- C:\Users\Vamos\AppData\Roaming\Macromedia
2010-03-09 19:05:30 ----D---- C:\Users\Vamos\AppData\Roaming\Adobe
2010-03-09 19:04:59 ----D---- C:\Windows\system32\Macromed
2010-03-09 18:54:47 ----D---- C:\Program Files\Microsoft
2010-03-09 18:54:26 ----D---- C:\Program Files\Windows Live SkyDrive
2010-03-09 18:54:09 ----D---- C:\Program Files\Windows Live
2010-03-09 18:51:53 ----D---- C:\ProgramData\Kaspersky Lab
2010-03-09 18:51:53 ----D---- C:\Program Files\Kaspersky Lab
2010-03-09 18:50:53 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-03-09 18:50:50 ----D---- C:\Program Files\Common Files\Windows Live
2010-03-09 18:47:31 ----D---- C:\Users\Vamos\AppData\Roaming\ATI
2010-03-09 18:47:12 ----SD---- C:\Users\Vamos\AppData\Roaming\Microsoft
2010-03-09 18:47:12 ----D---- C:\Users\Vamos\AppData\Roaming\Identities

======List of files/folders modified in the last 1 months======

2010-03-26 10:25:56 ----D---- C:\Windows\Temp
2010-03-26 10:24:49 ----D---- C:\Windows\system32\config
2010-03-26 10:14:36 ----SHD---- C:\System Volume Information
2010-03-26 10:13:23 ----RD---- C:\Program Files
2010-03-26 10:11:07 ----D---- C:\Windows\system32\catroot2
2010-03-25 19:13:23 ----D---- C:\Windows\Tasks
2010-03-25 19:13:23 ----D---- C:\Windows\system32\Tasks
2010-03-25 19:13:23 ----D---- C:\Windows
2010-03-25 18:27:14 ----HD---- C:\ProgramData
2010-03-25 16:47:37 ----D---- C:\Windows\system32\drivers
2010-03-25 16:47:36 ----D---- C:\Windows\system32\catroot
2010-03-25 16:47:35 ----SHD---- C:\Windows\Installer
2010-03-25 16:47:33 ----D---- C:\Program Files\Common Files
2010-03-25 11:49:53 ----D---- C:\Windows\System32
2010-03-24 23:10:23 ----D---- C:\Program Files\Internet Explorer
2010-03-24 23:10:22 ----D---- C:\Windows\winsxs
2010-03-23 11:59:38 ----D---- C:\Windows\Prefetch
2010-03-19 11:51:07 ----D---- C:\Windows\system32\LogFiles
2010-03-19 10:37:15 ----D---- C:\ProgramData\Microsoft Help
2010-03-18 23:27:23 ----D---- C:\Windows\inf
2010-03-18 23:27:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-18 20:20:06 ----RSD---- C:\Windows\assembly
2010-03-18 18:05:22 ----RSD---- C:\Windows\Fonts
2010-03-17 22:58:34 ----D---- C:\Program Files\Common Files\microsoft shared
2010-03-16 19:59:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-15 13:14:16 ----D---- C:\Windows\system32\zh-TW
2010-03-15 13:14:16 ----D---- C:\Windows\system32\zh-HK
2010-03-15 13:14:16 ----D---- C:\Windows\system32\tr-TR
2010-03-15 13:14:16 ----D---- C:\Windows\system32\sv-SE
2010-03-15 13:14:16 ----D---- C:\Windows\system32\pt-BR
2010-03-15 13:14:16 ----D---- C:\Windows\system32\nl-NL
2010-03-15 13:14:16 ----D---- C:\Windows\system32\nb-NO
2010-03-15 13:14:16 ----D---- C:\Windows\system32\ko-KR
2010-03-15 13:14:16 ----D---- C:\Windows\system32\it-IT
2010-03-15 13:14:16 ----D---- C:\Windows\system32\he-IL
2010-03-15 13:14:16 ----D---- C:\Windows\system32\fr-FR
2010-03-15 13:14:16 ----D---- C:\Windows\system32\fi-FI
2010-03-15 13:14:16 ----D---- C:\Windows\system32\es-ES
2010-03-15 13:14:16 ----D---- C:\Windows\system32\en-US
2010-03-15 13:14:16 ----D---- C:\Windows\system32\el-GR
2010-03-15 13:14:16 ----D---- C:\Windows\system32\de-DE
2010-03-15 13:14:16 ----D---- C:\Windows\system32\da-DK
2010-03-15 13:14:16 ----D---- C:\Windows\system32\ar-SA
2010-03-15 13:13:28 ----D---- C:\Windows\debug
2010-03-14 14:14:41 ----D---- C:\Windows\Microsoft.NET
2010-03-14 03:24:30 ----D---- C:\Windows\system32\wdi
2010-03-13 17:49:43 ----D---- C:\Windows\rescache
2010-03-13 17:32:10 ----D---- C:\Windows\DigitalLocker
2010-03-13 17:32:09 ----D---- C:\Windows\system32\winrm
2010-03-13 17:32:07 ----D---- C:\Windows\system32\slmgr
2010-03-13 17:32:06 ----D---- C:\Windows\system32\WCN
2010-03-13 17:32:06 ----D---- C:\Windows\system32\MUI
2010-03-13 17:32:00 ----D---- C:\Windows\servicing
2010-03-13 17:32:00 ----D---- C:\Windows\PolicyDefinitions
2010-03-13 17:32:00 ----D---- C:\Windows\IME
2010-03-13 17:32:00 ----D---- C:\Windows\ehome
2010-03-13 17:32:00 ----D---- C:\Program Files\Windows Sidebar
2010-03-13 17:32:00 ----D---- C:\Program Files\Windows Photo Viewer
2010-03-13 17:32:00 ----D---- C:\Program Files\Windows Mail
2010-03-13 17:32:00 ----D---- C:\Program Files\Windows Defender
2010-03-13 17:32:00 ----D---- C:\Program Files\DVD Maker
2010-03-13 17:32:00 ----D---- C:\Program Files\Common Files\System
2010-03-13 17:31:59 ----D---- C:\Windows\system32\sysprep
2010-03-13 17:31:59 ----D---- C:\Windows\system32\Setup
2010-03-13 17:31:59 ----D---- C:\Windows\system32\oobe
2010-03-13 17:31:59 ----D---- C:\Windows\system32\migwiz
2010-03-13 17:31:59 ----D---- C:\Windows\system32\migration
2010-03-13 17:31:59 ----D---- C:\Windows\system32\Boot
2010-03-13 17:31:56 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2010-03-13 17:31:55 ----D---- C:\Windows\system32\wbem
2010-03-13 17:31:55 ----D---- C:\Windows\system32\com
2010-03-13 17:31:55 ----D---- C:\Windows\AppPatch
2010-03-13 15:04:38 ----D---- C:\Windows\system32\Dism
2010-03-13 15:02:19 ----D---- C:\Program Files\Windows Media Player
2010-03-13 15:02:19 ----D---- C:\Program Files\Windows Journal
2010-03-13 15:02:02 ----D---- C:\Windows\system32\XPSViewer
2010-03-13 15:00:14 ----D---- C:\Windows\Logs
2010-03-13 03:13:26 ----D---- C:\Program Files\Microsoft Works
2010-03-13 03:12:15 ----A---- C:\Windows\win.ini
2010-03-10 21:06:20 ----D---- C:\Windows\system32\DriverStore
2010-03-10 21:06:11 ----RSD---- C:\Windows\Media
2010-03-10 21:06:05 ----D---- C:\Windows\twain_32
2010-03-10 12:40:48 ----D---- C:\Windows\Downloaded Program Files
2010-03-10 12:29:45 ----D---- C:\Windows\system32\ro-RO
2010-03-10 12:29:45 ----D---- C:\Windows\system32\pt-PT
2010-03-10 12:29:45 ----D---- C:\Windows\system32\ja-JP
2010-03-10 12:29:45 ----D---- C:\Windows\system32\cs-CZ
2010-03-10 12:29:44 ----D---- C:\Windows\system32\th-TH
2010-03-10 12:29:44 ----D---- C:\Windows\system32\pl-PL
2010-03-10 12:29:44 ----D---- C:\Windows\system32\hu-HU
2010-03-10 12:29:43 ----D---- C:\Windows\system32\zh-CN
2010-03-10 12:29:43 ----D---- C:\Windows\system32\ru-RU
2010-03-09 19:00:34 ----D---- C:\Windows\system32\NDF
2010-03-09 18:50:33 ----SD---- C:\ProgramData\Microsoft
2010-03-09 18:50:26 ----D---- C:\Windows\system32\restore
2010-03-09 18:47:19 ----SHD---- C:\$Recycle.Bin
2010-03-09 18:47:12 ----RD---- C:\Users
2010-03-09 18:46:07 ----D---- C:\Windows\Panther
2010-03-09 18:46:06 ----SHD---- C:\Recovery
2010-03-09 18:46:06 ----D---- C:\Windows\system32\Recovery

Edit: It can't run the other one =/ error line 1 etc. .. =(
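The RSIT "files/folders created" list above is a timeline, and the useful question for a defender is which loose files landed in the Windows directories on their own rather than as part of an installer or update burst. The following is an added example, not code from RSIT or from this thread: it parses RSIT's `<timestamp> ----<attrs>---- <path>` lines and flags non-directory entries created directly under C:\Windows or System32 whose creation second is shared with no other file. The sample input is constructed from a subset of the entries posted above; the window boundaries and the watched-directory set are assumptions of the example.

```python
"""Timeline triage of an RSIT "files/folders created" list.

Added example for this thread; it is not code from RSIT or from the forum.
The sample below is constructed in RSIT's "<timestamp> ----<attrs>---- <path>"
format from a handful of entries in the log above.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: a subset of the RSIT list posted above, same format.
SAMPLE_RSIT = r"""
======List of files/folders created in the last 1 months======

2010-03-26 10:13:23 ----D---- C:\rsit
2010-03-25 18:27:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-25 16:47:03 ----HDC---- C:\ProgramData\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-03-25 12:09:41 ----A---- C:\Windows\PCTBDRes.dll
2010-03-25 12:09:41 ----A---- C:\Windows\PCTBDCore.dll
2010-03-25 12:09:41 ----A---- C:\Windows\BDTSupport.dll
2010-03-25 11:49:53 ----A---- C:\Windows\system32\sshnas21.dll
2010-03-18 19:41:23 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-03-10 12:05:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-10 12:05:15 ----A---- C:\Windows\system32\kernel32.dll
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]*)---- (.+)$")

# Directories where a single new loose file deserves a second look (assumption).
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass(frozen=True)
class Entry:
    created: datetime
    attrs: str  # RSIT attribute letters: D=directory, A=archive, H=hidden, S=system, C=compressed
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def parent_dir(self) -> str:
        return self.path.lower().rpartition("\\")[0]


def parse_rsit_created(text: str) -> list[Entry]:
    """Parse an RSIT created/modified list; headers and blank lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts, attrs, path = m.groups()
            entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), attrs, path))
    return entries


def solitary_drops(entries: list[Entry], since: datetime, until: datetime) -> list[Entry]:
    """Files (not folders) that appeared alone, directly inside a watched directory,
    within the window. Windows Update and installers write many files in the same
    second; a lone file with its own timestamp is the pattern to line up against
    the scanner hits."""
    per_second = Counter(e.created for e in entries if not e.is_dir)
    return [
        e for e in entries
        if not e.is_dir
        and since <= e.created <= until
        and e.parent_dir in WATCHED_DIRS
        and per_second[e.created] == 1
    ]


def triage(text: str, since: str, until: str) -> list[str]:
    """Convenience wrapper: ISO timestamps in, flagged paths out."""
    fmt = "%Y-%m-%d %H:%M:%S"
    entries = parse_rsit_created(text)
    hits = solitary_drops(entries, datetime.strptime(since, fmt), datetime.strptime(until, fmt))
    return [e.path for e in hits]


if __name__ == "__main__":
    for path in triage(SAMPLE_RSIT, "2010-03-25 00:00:00", "2010-03-26 23:59:59"):
        print("solitary drop:", path)
```

Run over the day the fake download was launched, the only solitary drop is `C:\Windows\system32\sshnas21.dll`, the same file the scanners report. A solitary drop is a lead, not a verdict: widen the window to 18 March and `d3dx9_32.dll`, a DirectX runtime installed by a game, is flagged too, so each hit still needs the usual checks (publisher, signature, what loads it).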

Re: Trojan.Generic Help :S

Post by Falkra » 26 Mar 2010 11:06

A junk toolbar (Ask) and a few nasties, indeed.
Disable TeaTimer, it still seems to be active.

Download Malwarebytes' Anti-Malware (MBAM)
If it doesn't download, if you get redirected, or if MBAM won't start, tell me: that's a symptom.
If you already have it, go straight to step 2 (update).

  • Double-click the downloaded file to start the installation, then start MBAM.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan (but it's not over yet), a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.

    Click "OK" to continue. If MBAM found nothing, it will tell you so too. Don't forget the rest. ;-)
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select all (or leave checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy-paste that report and post it in your next reply.

NB: If MBAM asks you to restart, do so.
To retrieve the MBAM report if you restarted a bit quickly, start MBAM and go to the Logs tab; you can double-click a report there (they are dated) to post it.

Re: Trojan.Generic Help :S

Post by Vamos » 26 Mar 2010 11:13

OK, I'll do all that and I'll let you know here (Edit); see you in a bit, and thanks a lot.

Edit 1: I'm at 7 infected items

Here it is:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3915
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.03.2010 11:17:38
mbam-log-2010-03-26 (11-17-38).txt

Type de recherche: Examen rapide
Eléments examinés: 108609
Temps écoulé: 2 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.


---

It tells me that some can't be deleted, such as sshnas21.dll


I'm rebooting

Re: Trojan.Generic Help :S

Post by Vamos » 26 Mar 2010 11:24

Sorry for the double post, anyway... reboot succeeded (the PC stayed on a black screen for 2 minutes) but the "canaveral" value of sshnas21.dll is deleted according to my PC, so what do I do to be sure?

winlogon.exe, is it a trojan? (still in the Windows processes)

---
Edit: I ran another MBAM quick scan, it says no infection etc.
Report below... one more thing already, thanks!!! and my Kaspersky trial ends in a few days; is Avast (free) good enough, or should I buy Kaspersky?


Here is the report (quick scan) after the cleanup (can I get rid of those anti-spyware tools etc.? (not MBAM)) since they're no good, as mentioned above (...)

_
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3915
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.03.2010 11:57:57
mbam-log-2010-03-26 (11-57-57).txt

Type de recherche: Examen rapide
Eléments examinés: 108509
Temps écoulé: 2 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

_
Thank you

There are 6 infected files in quarantine, do I delete them?

Internet Explorer works again

Re: Trojan.Generic Help :S

Post by Vamos » 26 Mar 2010 18:19

I ran a Kaspersky scan, it finds (HiddenObject.multi.generic) in C:\Windows\temp\cchC9D8.tmp and D7.tmp, what should I do? =/
to finish this off please

Re: Trojan.Generic Help :S

Post by Falkra » 26 Mar 2010 23:05

winlogon.exe, is it a trojan? (still in the Windows processes)
No, it's a Windows file, depending on its location.

Report below... one more thing already, thanks!!! and my Kaspersky trial ends in a few days; is Avast (free) good enough, or should I buy Kaspersky?
Wait, we'll finish all this before installing anything. ;)

There are 6 infected files in quarantine, do I delete them?
No, I would have told you. ;) In case of false positives you need to be able to restore; leave the quarantine as it is.

Please post a new RSIT report.
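The answer above makes the point that a Windows process name proves nothing by itself; what matters is the directory it runs from. The following is an added example, not code from HijackThis, RSIT or this thread: it takes a HijackThis-style log and applies three location checks a helper would make by eye, namely core Windows executables running outside their expected directory, entries that point at "(no file)" (orphaned references left behind after a removal), and autostart entries living in user-writable folders. The sample log is constructed from lines posted further down in this thread plus one invented line (winlogon.exe under a user's AppData folder) that exists only to exercise the check; the expected-directory table is an assumption of the example.

```python
"""Location checks over a HijackThis-style log.

Added example for this thread; not HijackThis, RSIT or forum code. The sample
log is constructed in HijackThis's format from lines posted in the thread, plus
one invented line (winlogon.exe under AppData) that is not from the page.
"""
from __future__ import annotations

import re

SAMPLE_HJT = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\winlogon.exe
C:\Users\Vamos\AppData\Roaming\winlogon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vamos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
"""

PROC_SECTION_START = "Running processes:"

# Where Windows' own core executables live on a 32-bit Windows 7 (assumption;
# lower-case parent directories, no trailing backslash).
EXPECTED_DIRS = {
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}

# Path fragments that any local user can write to (assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# O4 lines: "[name] <optionally quoted path ending in .exe> [arguments]".
RUN_RE = re.compile(r'^O4 - .*?\[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+?\.exe)"?', re.IGNORECASE)


def running_processes(log: str) -> list[str]:
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    out, in_section = [], False
    for line in log.splitlines():
        if line.strip() == PROC_SECTION_START:
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            out.append(line.strip())
    return out


def misplaced_core_processes(log: str) -> list[str]:
    """Core Windows executables running from a directory other than the expected one."""
    hits = []
    for path in running_processes(log):
        parent, _, name = path.lower().rpartition("\\")
        allowed = EXPECTED_DIRS.get(name)
        if allowed is not None and parent not in allowed:
            hits.append(path)
    return hits


def orphan_entries(log: str) -> list[str]:
    """Hooks, BHOs and toolbars whose file is gone: leftovers to clean, not active code."""
    return [line.strip() for line in log.splitlines() if line.strip().endswith("(no file)")]


def autostarts_in_user_writable_dirs(log: str) -> list[tuple[str, str]]:
    """O4 Run entries whose executable sits in a user-writable folder (review, not verdict)."""
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m and any(tok in m.group("path").lower() for tok in USER_WRITABLE):
            hits.append((m.group("name"), m.group("path")))
    return hits


if __name__ == "__main__":
    print("misplaced core processes:", misplaced_core_processes(SAMPLE_HJT))
    print("orphan entries:", orphan_entries(SAMPLE_HJT))
    print("autostarts in user-writable dirs:", autostarts_in_user_writable_dirs(SAMPLE_HJT))
```

On the constructed sample, `C:\Windows\system32\winlogon.exe` passes and only the invented AppData copy is flagged, which is exactly the distinction the reply draws. The user-writable check deliberately reports the real `Google Update` entry from the log: Google's updater legitimately installs under `AppData\Local`, so that list is a review queue for a helper, not an infection list.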

Re: Trojan.Generic Help :S

Post by Vamos » 28 Mar 2010 12:17

hello, here it is

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vamos at 2010-03-28 13:15:38
Microsoft Windows 7 Professionnel
System drive C: has 240 GB (79%) free of 305 GB
Total RAM: 3583 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:10, on 28.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Vamos\Documents\Downloads\RSIT.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\Vamos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{FF8BA809-851E-4D11-B6C4-F57E2C981EE4}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vamos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 8352 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3011667035-269395239-3036896157-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3011667035-269395239-3036896157-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2010-03-09 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2009-03-31 5748736]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-14 98304]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"SWPROguard"=C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe [2010-03-11 586376]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Steam"=c:\program files\valve\steam\steam.exe [2010-03-16 1217872]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Google Update"=C:\Users\Vamos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 136176]

C:\Users\Vamos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b699769a-2be5-11df-80fb-806e6f6e6963}]
shell\AutoRun\command - D:\autorun.exe
shell\directx\command - D:\DirectX9\dxsetup.exe
shell\setup\command - D:\setup.exe
======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-26 12:12:37 ----D---- C:\Users\Vamos\AppData\Roaming\Malwarebytes
2010-03-26 12:12:32 ----D---- C:\ProgramData\Malwarebytes
2010-03-26 12:12:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-26 11:13:23 ----D---- C:\rsit
2010-03-26 11:13:23 ----D---- C:\Program Files\trend micro
2010-03-25 22:53:11 ----D---- C:\Users\Vamos\AppData\Roaming\QuickScan
2010-03-25 19:27:14 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-25 19:27:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-25 17:47:48 ----D---- C:\Users\Vamos\AppData\Roaming\Common Toolkit Suite
2010-03-25 17:47:41 ----D---- C:\ProgramData\clp
2010-03-25 17:47:33 ----D---- C:\ProgramData\Common Toolkit Suite
2010-03-25 17:47:33 ----D---- C:\Program Files\Fighters
2010-03-25 17:47:33 ----D---- C:\Program Files\Common Files\Common Toolkit Suite
2010-03-25 17:47:03 ----HDC---- C:\ProgramData\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-03-25 17:46:32 ----D---- C:\Users\Vamos\AppData\Roaming\Fighters
2010-03-25 13:09:41 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-25 13:09:41 ----A---- C:\Windows\PCTBDRes.dll
2010-03-25 13:09:41 ----A---- C:\Windows\PCTBDCore.dll.old
2010-03-25 13:09:41 ----A---- C:\Windows\PCTBDCore.dll
2010-03-25 13:09:41 ----A---- C:\Windows\BDTSupport.dll.old
2010-03-25 13:09:41 ----A---- C:\Windows\BDTSupport.dll
2010-03-25 13:07:14 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-25 13:07:13 ----D---- C:\Users\Vamos\AppData\Roaming\PC Tools
2010-03-25 13:07:13 ----D---- C:\ProgramData\PC Tools
2010-03-25 13:07:13 ----D---- C:\Program Files\Spyware Doctor
2010-03-25 13:06:55 ----AD---- C:\ProgramData\TEMP
2010-03-24 22:46:40 ----D---- C:\Program Files\No-IP
2010-03-23 12:59:34 ----D---- C:\Program Files\CR-TEKnologies
2010-03-18 21:19:23 ----D---- C:\ProgramData\Sony
2010-03-18 21:19:17 ----D---- C:\Program Files\Sony
2010-03-18 20:41:23 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-03-18 20:40:57 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-03-18 20:31:37 ----D---- C:\Program Files\Movie Maker 2.6
2010-03-18 19:05:15 ----D---- C:\Program Files\VirtualDJ
2010-03-18 00:00:12 ----A---- C:\Windows\system32\msonpmon.dll
2010-03-17 16:14:17 ----D---- C:\Program Files\HyCam2
2010-03-16 21:26:40 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-03-16 20:59:10 ----D---- C:\Program Files\Eidos
2010-03-16 20:45:52 ----D---- C:\Program Files\SpeedFan
2010-03-16 18:59:59 ----D---- C:\Windows\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP
2010-03-16 18:53:08 ----D---- C:\Program Files\Common Files\Steam
2010-03-16 18:47:14 ----D---- C:\Program Files\Valve
2010-03-15 20:40:52 ----D---- C:\Users\Vamos\AppData\Roaming\TS3Client
2010-03-15 20:39:45 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-03-15 15:56:48 ----D---- C:\Fraps
2010-03-15 14:40:24 ----D---- C:\ProgramData\Office Genuine Advantage
2010-03-15 14:13:27 ----A---- C:\Windows\system32\MRT.exe
2010-03-15 14:13:08 ----D---- C:\Program Files\MSXML 4.0
2010-03-14 15:16:03 ----D---- C:\ProgramData\Age of Empires 3
2010-03-14 15:14:48 ----D---- C:\Program Files\Common Files\Microsoft Games
2010-03-14 15:14:42 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-03-14 15:14:41 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-03-14 15:06:01 ----D---- C:\Program Files\Microsoft Games
2010-03-11 23:38:28 ----D---- C:\Program Files\QS
2010-03-11 23:38:23 ----D---- C:\Users\Vamos\AppData\Roaming\TeamViewer
2010-03-10 23:33:11 ----D---- C:\Program Files\WinSCP
2010-03-10 23:27:52 ----A---- C:\Windows\system32\libmysql_d.dll
2010-03-10 23:27:49 ----D---- C:\Program Files\PremiumSoft
2010-03-10 22:08:26 ----D---- C:\Program Files\Hamachi
2010-03-10 22:06:40 ----HD---- C:\ProgramData\CanonBJ
2010-03-10 22:06:04 ----A---- C:\Windows\system32\CNMLM9E.DLL
2010-03-10 21:07:16 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-10 21:04:10 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-10 20:59:15 ----D---- C:\Windows\system32\appmgmt
2010-03-10 18:08:21 ----D---- C:\Users\Vamos\AppData\Roaming\Hamachi
2010-03-10 18:00:24 ----D---- C:\Program Files\Common Files\PC SOFT
2010-03-10 17:42:38 ----D---- C:\ProgramData\COMODO
2010-03-10 17:37:45 ----D---- C:\ProgramData\Comodo Downloader
2010-03-10 17:17:59 ----D---- C:\Program Files\Microsoft Virtual PC
2010-03-10 16:39:33 ----D---- C:\Program Files\Landwirtschafts-Simulator 2009 Demo
2010-03-10 15:39:28 ----D---- C:\Program Files\Legend of MT2
2010-03-10 15:13:05 ----D---- C:\Users\Vamos\AppData\Roaming\Mozilla
2010-03-10 15:12:58 ----D---- C:\Users\Vamos\AppData\Roaming\LimeWire
2010-03-10 15:09:57 ----D---- C:\ProgramData\Sun
2010-03-10 15:09:56 ----D---- C:\Program Files\Common Files\Java
2010-03-10 15:09:49 ----A---- C:\Windows\system32\javaws.exe
2010-03-10 15:09:49 ----A---- C:\Windows\system32\javaw.exe
2010-03-10 15:09:49 ----A---- C:\Windows\system32\java.exe
2010-03-10 15:09:49 ----A---- C:\Windows\system32\deploytk.dll
2010-03-10 15:09:43 ----D---- C:\Program Files\Java
2010-03-10 15:09:23 ----D---- C:\Program Files\LimeWire
2010-03-10 15:01:51 ----D---- C:\Users\Vamos\AppData\Roaming\WinRAR
2010-03-10 14:54:25 ----D---- C:\Program Files\WinRAR
2010-03-10 14:45:48 ----D---- C:\Program Files\Ask.com
2010-03-10 14:44:33 ----D---- C:\Users\Vamos\AppData\Roaming\uTorrent
2010-03-10 13:29:42 ----D---- C:\Program Files\Windows Virtual PC
2010-03-10 13:28:48 ----A---- C:\Windows\system32\vpchbuspipe.dll
2010-03-10 13:28:45 ----A---- C:\Windows\system32\VPCWizard.exe
2010-03-10 13:28:45 ----A---- C:\Windows\system32\VPCSettings.exe
2010-03-10 13:28:45 ----A---- C:\Windows\system32\VMWindow.exe
2010-03-10 13:28:45 ----A---- C:\Windows\system32\vmsal.exe
2010-03-10 13:28:45 ----A---- C:\Windows\system32\VMCPropertyHandler.dll
2010-03-10 13:28:43 ----A---- C:\Windows\system32\vpc.exe
2010-03-10 13:05:34 ----A---- C:\Windows\system32\msasn1.dll
2010-03-10 13:05:33 ----A---- C:\Windows\system32\wmp.dll
2010-03-10 13:05:33 ----A---- C:\Windows\system32\winresume.exe
2010-03-10 13:05:33 ----A---- C:\Windows\system32\winload.exe
2010-03-10 13:05:33 ----A---- C:\Windows\system32\CertEnroll.dll
2010-03-10 13:05:32 ----A---- C:\Windows\system32\wmploc.DLL
2010-03-10 13:05:20 ----A---- C:\Windows\system32\jscript.dll
2010-03-10 13:05:16 ----A---- C:\Windows\system32\t2embed.dll
2010-03-10 13:05:16 ----A---- C:\Windows\system32\fontsub.dll
2010-03-10 13:05:16 ----A---- C:\Windows\system32\atmfd.dll
2010-03-10 13:05:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-10 13:05:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-03-10 13:05:15 ----A---- C:\Windows\system32\kernel32.dll
2010-03-10 13:05:15 ----A---- C:\Windows\system32\apphelp.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\tsbyuv.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\quartz.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\msyuv.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\msvidc32.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\msrle32.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\mciavi32.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\iyuv_32.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\avifil32.dll
2010-03-10 13:05:13 ----A---- C:\Windows\system32\mshtml.dll
2010-03-10 13:05:13 ----A---- C:\Windows\system32\ieframe.dll
2010-03-10 13:05:12 ----A---- C:\Windows\system32\wininet.dll
2010-03-10 13:05:12 ----A---- C:\Windows\system32\urlmon.dll
2010-03-10 13:05:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-10 13:05:12 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-10 13:05:06 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-10 13:05:06 ----A---- C:\Windows\system32\msdri.dll
2010-03-10 13:05:06 ----A---- C:\Windows\system32\CPFilters.dll
2010-03-10 13:05:02 ----A---- C:\Windows\system32\tzres.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\secproc.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-10 13:04:59 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-10 13:04:59 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-10 13:04:59 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-10 13:04:55 ----A---- C:\Windows\system32\winlogon.exe
2010-03-10 13:04:55 ----A---- C:\Windows\explorer.exe
2010-03-10 09:27:47 ----D---- C:\ProgramData\Adobe
2010-03-10 09:27:44 ----D---- C:\Program Files\Common Files\Adobe
2010-03-10 09:27:44 ----D---- C:\Program Files\Adobe
2010-03-10 03:45:04 ----D---- C:\Windows\SoftwareDistribution
2010-03-09 22:12:06 ----D---- C:\Program Files\LogMeIn Hamachi
2010-03-09 22:09:23 ----D---- C:\wamp
2010-03-09 22:07:17 ----D---- C:\Users\Vamos\AppData\Roaming\Notepad++
2010-03-09 22:07:17 ----D---- C:\Program Files\Notepad++
2010-03-09 20:11:49 ----D---- C:\PFiles
2010-03-09 20:05:30 ----D---- C:\Users\Vamos\AppData\Roaming\Macromedia
2010-03-09 20:05:30 ----D---- C:\Users\Vamos\AppData\Roaming\Adobe
2010-03-09 20:04:59 ----D---- C:\Windows\system32\Macromed
2010-03-09 19:54:47 ----D---- C:\Program Files\Microsoft
2010-03-09 19:54:26 ----D---- C:\Program Files\Windows Live SkyDrive
2010-03-09 19:54:09 ----D---- C:\Program Files\Windows Live
2010-03-09 19:51:53 ----D---- C:\ProgramData\Kaspersky Lab
2010-03-09 19:51:53 ----D---- C:\Program Files\Kaspersky Lab
2010-03-09 19:50:53 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-03-09 19:50:50 ----D---- C:\Program Files\Common Files\Windows Live
2010-03-09 19:47:31 ----D---- C:\Users\Vamos\AppData\Roaming\ATI
2010-03-09 19:47:12 ----SD---- C:\Users\Vamos\AppData\Roaming\Microsoft
2010-03-09 19:47:12 ----D---- C:\Users\Vamos\AppData\Roaming\Identities

======List of files/folders modified in the last 1 months======

2010-03-28 13:16:06 ----D---- C:\Windows\Temp
2010-03-28 13:12:41 ----D---- C:\Windows\system32\config
2010-03-26 19:14:20 ----D---- C:\Windows\Tasks
2010-03-26 19:14:20 ----D---- C:\Windows\system32\Tasks
2010-03-26 12:19:50 ----D---- C:\Windows\system32\drivers
2010-03-26 12:19:50 ----D---- C:\Windows\System32
2010-03-26 12:12:32 ----HD---- C:\ProgramData
2010-03-26 12:12:31 ----RD---- C:\Program Files
2010-03-26 11:14:36 ----SHD---- C:\System Volume Information
2010-03-26 11:11:07 ----D---- C:\Windows\system32\catroot2
2010-03-25 20:13:23 ----D---- C:\Windows
2010-03-25 17:47:36 ----D---- C:\Windows\system32\catroot
2010-03-25 17:47:35 ----SHD---- C:\Windows\Installer
2010-03-25 17:47:33 ----D---- C:\Program Files\Common Files
2010-03-25 00:10:23 ----D---- C:\Program Files\Internet Explorer
2010-03-25 00:10:22 ----D---- C:\Windows\winsxs
2010-03-23 12:59:38 ----D---- C:\Windows\Prefetch
2010-03-19 12:51:07 ----D---- C:\Windows\system32\LogFiles
2010-03-19 11:37:15 ----D---- C:\ProgramData\Microsoft Help
2010-03-19 00:27:23 ----D---- C:\Windows\inf
2010-03-19 00:27:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-18 21:20:06 ----RSD---- C:\Windows\assembly
2010-03-18 19:05:22 ----RSD---- C:\Windows\Fonts
2010-03-17 23:58:34 ----D---- C:\Program Files\Common Files\microsoft shared
2010-03-16 20:59:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-15 14:14:16 ----D---- C:\Windows\system32\zh-TW
2010-03-15 14:14:16 ----D---- C:\Windows\system32\zh-HK
2010-03-15 14:14:16 ----D---- C:\Windows\system32\tr-TR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\sv-SE
2010-03-15 14:14:16 ----D---- C:\Windows\system32\pt-BR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\nl-NL
2010-03-15 14:14:16 ----D---- C:\Windows\system32\nb-NO
2010-03-15 14:14:16 ----D---- C:\Windows\system32\ko-KR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\it-IT
2010-03-15 14:14:16 ----D---- C:\Windows\system32\he-IL
2010-03-15 14:14:16 ----D---- C:\Windows\system32\fr-FR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\fi-FI
2010-03-15 14:14:16 ----D---- C:\Windows\system32\es-ES
2010-03-15 14:14:16 ----D---- C:\Windows\system32\en-US
2010-03-15 14:14:16 ----D---- C:\Windows\system32\el-GR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\de-DE
2010-03-15 14:14:16 ----D---- C:\Windows\system32\da-DK
2010-03-15 14:14:16 ----D---- C:\Windows\system32\ar-SA
2010-03-15 14:13:28 ----D---- C:\Windows\debug
2010-03-14 15:14:41 ----D---- C:\Windows\Microsoft.NET
2010-03-14 04:24:30 ----D---- C:\Windows\system32\wdi
2010-03-13 18:49:43 ----D---- C:\Windows\rescache
2010-03-13 18:32:10 ----D---- C:\Windows\DigitalLocker
2010-03-13 18:32:09 ----D---- C:\Windows\system32\winrm
2010-03-13 18:32:07 ----D---- C:\Windows\system32\slmgr
2010-03-13 18:32:06 ----D---- C:\Windows\system32\WCN
2010-03-13 18:32:06 ----D---- C:\Windows\system32\MUI
2010-03-13 18:32:00 ----D---- C:\Windows\servicing
2010-03-13 18:32:00 ----D---- C:\Windows\PolicyDefinitions
2010-03-13 18:32:00 ----D---- C:\Windows\IME
2010-03-13 18:32:00 ----D---- C:\Windows\ehome
2010-03-13 18:32:00 ----D---- C:\Program Files\Windows Sidebar
2010-03-13 18:32:00 ----D---- C:\Program Files\Windows Photo Viewer
2010-03-13 18:32:00 ----D---- C:\Program Files\Windows Mail
2010-03-13 18:32:00 ----D---- C:\Program Files\Windows Defender
2010-03-13 18:32:00 ----D---- C:\Program Files\DVD Maker
2010-03-13 18:32:00 ----D---- C:\Program Files\Common Files\System
2010-03-13 18:31:59 ----D---- C:\Windows\system32\sysprep
2010-03-13 18:31:59 ----D---- C:\Windows\system32\Setup
2010-03-13 18:31:59 ----D---- C:\Windows\system32\oobe
2010-03-13 18:31:59 ----D---- C:\Windows\system32\migwiz
2010-03-13 18:31:59 ----D---- C:\Windows\system32\migration
2010-03-13 18:31:59 ----D---- C:\Windows\system32\Boot
2010-03-13 18:31:56 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2010-03-13 18:31:55 ----D---- C:\Windows\system32\wbem
2010-03-13 18:31:55 ----D---- C:\Windows\system32\com
2010-03-13 18:31:55 ----D---- C:\Windows\AppPatch
2010-03-13 16:04:38 ----D---- C:\Windows\system32\Dism
2010-03-13 16:02:19 ----D---- C:\Program Files\Windows Media Player
2010-03-13 16:02:19 ----D---- C:\Program Files\Windows Journal
2010-03-13 16:02:02 ----D---- C:\Windows\system32\XPSViewer
2010-03-13 16:00:14 ----D---- C:\Windows\Logs
2010-03-13 04:13:26 ----D---- C:\Program Files\Microsoft Works
2010-03-13 04:12:15 ----A---- C:\Windows\win.ini
2010-03-10 22:06:20 ----D---- C:\Windows\system32\DriverStore
2010-03-10 22:06:11 ----RSD---- C:\Windows\Media
2010-03-10 22:06:05 ----D---- C:\Windows\twain_32
2010-03-10 13:40:48 ----D---- C:\Windows\Downloaded Program Files
2010-03-10 13:29:45 ----D---- C:\Windows\system32\ro-RO
2010-03-10 13:29:45 ----D---- C:\Windows\system32\pt-PT
2010-03-10 13:29:45 ----D---- C:\Windows\system32\ja-JP
2010-03-10 13:29:45 ----D---- C:\Windows\system32\cs-CZ
2010-03-10 13:29:44 ----D---- C:\Windows\system32\th-TH
2010-03-10 13:29:44 ----D---- C:\Windows\system32\pl-PL
2010-03-10 13:29:44 ----D---- C:\Windows\system32\hu-HU
2010-03-10 13:29:43 ----D---- C:\Windows\system32\zh-CN
2010-03-10 13:29:43 ----D---- C:\Windows\system32\ru-RU
2010-03-09 20:00:34 ----D---- C:\Windows\system32\NDF
2010-03-09 19:50:33 ----SD---- C:\ProgramData\Microsoft
2010-03-09 19:50:26 ----D---- C:\Windows\system32\restore
2010-03-09 19:47:19 ----SHD---- C:\$Recycle.Bin
2010-03-09 19:47:12 ----RD---- C:\Users
2010-03-09 19:46:07 ----D---- C:\Windows\Panther
2010-03-09 19:46:06 ----SHD---- C:\Recovery
2010-03-09 19:46:06 ----D---- C:\Windows\system32\Recovery



New problem: in the list for uninstalling programs, no programs are shown any more except MBAM :cry: Over to you.
Vamos
Libellulien
Posts: 54
Joined: 26 Mar 2010 10:38

Re: Trojan.Generic Help :S

Post by Falkra » 28 Mar 2010 13:13

Download OTMoveIt (OTM) by OldTimer.
  • Save the file to the Desktop.
  • Double-click OTM.exe to run the tool. (Note: if you use Windows Vista or 7, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" box below to the clipboard by selecting them all and pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):
    Code: Select all
    :processes
    :files
    C:\Program Files\Ask.com


    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "EoEngine"=-
    ""=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-


    :commands
    [Start Explorer]
  • Go back to the OTM window, right-click in the left-hand box labelled "Paste List Of Files/Folders to Move" (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt3.
  • Post the OTMoveIt3 report in your next reply (the contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time).
Note: if a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to restart the machine, choose Yes.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Trojan.Generic Help :S

Post by Vamos » 28 Mar 2010 19:09

Re,
========== PROCESSES ==========
========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.10.1 log created on 03282010_200743
Vamos
Libellulien
Posts: 54
Joined: 26 Mar 2010 10:38

Re: Trojan.Generic Help :S

Post by Falkra » 28 Mar 2010 19:35

Perfect, please post a new RSIT report so we can take stock.
Falkra
Admin libellules.ch
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
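The helper's OTM script earlier in this thread and the RSIT/HijackThis report requested here are two halves of one workflow: read the report, pick the entries worth acting on, write the cleanup script. The script below is an added example of that workflow and is not code from the original posts, from OldTimer (OTM) or from the RSIT/HijackThis authors. It flags three things a helper looks for in a HijackThis-format report: registrations whose DLL is gone ("(no file)"), an Internet Explorer start page on a host outside an assumed trusted list, and services with no identified owner. It then drafts the ":reg" section in the exact syntax the helper used ("[-KEY]" to delete a key, "\"name\"=-" under a "[KEY]" header to delete a value). One detail differs from the thread's script on purpose: the OTM log above reports the Toolbar subkey as "not found", while the registry dump lists the CLSID directly under the Toolbar key, which is how IE toolbars are registered (as a value named with the CLSID), so the example emits a value deletion for O3 entries. The sample report lines are constructed from entry formats in this thread; the trusted-host list and the flagging rules are assumptions.

```python
"""Triage a HijackThis-format report and draft the matching OTM ':reg' lines.

Added example for this thread; not code from the original posts, from
OldTimer (OTM) or from the RSIT/HijackThis authors. SAMPLE_REPORT is
constructed from entry formats that appear in the thread, and
TRUSTED_START_HOSTS is an assumption."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# CLSID as it appears in O2/O3/R3 entries: {8-4-4-4-12 hex digits}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: start pages on these hosts are treated as the user's own choice.
TRUSTED_START_HOSTS = {"go.microsoft.com", "google.ch", "www.google.ch"}

# Registry locations targeted by the helper's OTM script in this thread.
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"

# Constructed sample: a few lines in HijackThis format, copied from the thread.
SAMPLE_REPORT = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{FF8BA809-851E-4D11-B6C4-F57E2C981EE4}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ch/
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str          # HijackThis section code: R0, R3, O2, O3, O23 ...
    reason: str           # why the entry was flagged
    clsid: Optional[str]  # CLSID when the entry is a COM registration
    line: str             # the raw report line


def parse_report(text: str) -> list[Finding]:
    """Return the entries a helper would look at first.

    Flags: registrations whose DLL is gone ("(no file)"), a start page on a
    host outside TRUSTED_START_HOSTS, and services with no identified owner.
    Every other entry is left alone."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^([RO]\d+) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        clsid_m = CLSID_RE.search(body)
        clsid = clsid_m.group(0) if clsid_m else None
        if body.endswith("(no file)") and clsid:
            findings.append(Finding(section, "registration whose DLL is missing on disk", clsid, line))
        elif section == "R0" and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            host = urlsplit(url).hostname or ""
            if host not in TRUSTED_START_HOSTS:
                findings.append(Finding(section, f"start page points at {host}", None, line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service binary has no identified publisher", None, line))
    return findings


def draft_otm_script(findings: list[Finding]) -> str:
    """Build an OTM script in the layout the helper used (:reg, then :commands).

    Orphan BHOs (O2) become [-KEY] deletions under the BHO key; orphan
    toolbars (O3) become "name"=- value deletions under the Toolbar key.
    The R3 hook, the start page and the service are left for a human."""
    reg_lines: list[str] = []
    toolbar_values: list[str] = []
    for f in findings:
        if f.section == "O2" and f.clsid:
            reg_lines.append(f"[-{BHO_KEY}\\{f.clsid}]")
        elif f.section == "O3" and f.clsid:
            toolbar_values.append(f'"{f.clsid}"=-')
    if toolbar_values:
        reg_lines.append(f"[{TOOLBAR_KEY}]")
        reg_lines.extend(toolbar_values)
    return "\n".join([":reg", *reg_lines, "", ":commands", "[Start Explorer]"])


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f"{f.section:<4} {f.reason}: {f.line}")
    print()
    print(draft_otm_script(found))
```

Two caveats the output is meant to surface rather than hide. A "(no file)" entry is a dead registration: the DLL is already gone, so it is cleanup of leftovers, not removal of running malware. "Unknown owner" only means the binary carries no publisher information; in the report in this thread that entry is the MySQL service of the WAMP stack, which the user installed, so the example lists it for review and never writes it into the script.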

Re: Trojan.Generic Help :S

Post by Vamos » 28 Mar 2010 22:33

Logfile of random's system information tool 1.06 (written by random/random)
Run by Vamos at 2010-03-28 23:31:32
Microsoft Windows 7 Professionnel
System drive C: has 240 GB (79%) free of 305 GB
Total RAM: 3583 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:47, on 28.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Vamos\Desktop\NitrosMt2 Officiel\NitrosMT2.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Users\Vamos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Vamos\Documents\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Vamos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{FF8BA809-851E-4D11-B6C4-F57E2C981EE4}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vamos\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 8023 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3011667035-269395239-3036896157-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3011667035-269395239-3036896157-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2010-03-09 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2009-03-31 5748736]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-14 98304]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"SWPROguard"=C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe [2010-03-11 586376]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Steam"=c:\program files\valve\steam\steam.exe [2010-03-16 1217872]
"Google Update"=C:\Users\Vamos\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 136176]

C:\Users\Vamos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b699769a-2be5-11df-80fb-806e6f6e6963}]
shell\AutoRun\command - D:\autorun.exe
shell\directx\command - D:\DirectX9\dxsetup.exe
shell\setup\command - D:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-28 20:07:43 ----D---- C:\_OTM
2010-03-26 12:12:37 ----D---- C:\Users\Vamos\AppData\Roaming\Malwarebytes
2010-03-26 12:12:32 ----D---- C:\ProgramData\Malwarebytes
2010-03-26 12:12:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-26 11:13:23 ----D---- C:\rsit
2010-03-26 11:13:23 ----D---- C:\Program Files\trend micro
2010-03-25 22:53:11 ----D---- C:\Users\Vamos\AppData\Roaming\QuickScan
2010-03-25 19:27:14 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-25 19:27:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-25 17:47:48 ----D---- C:\Users\Vamos\AppData\Roaming\Common Toolkit Suite
2010-03-25 17:47:41 ----D---- C:\ProgramData\clp
2010-03-25 17:47:33 ----D---- C:\ProgramData\Common Toolkit Suite
2010-03-25 17:47:33 ----D---- C:\Program Files\Fighters
2010-03-25 17:47:33 ----D---- C:\Program Files\Common Files\Common Toolkit Suite
2010-03-25 17:47:03 ----HDC---- C:\ProgramData\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-03-25 17:46:32 ----D---- C:\Users\Vamos\AppData\Roaming\Fighters
2010-03-25 13:09:41 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-25 13:09:41 ----A---- C:\Windows\PCTBDRes.dll
2010-03-25 13:09:41 ----A---- C:\Windows\PCTBDCore.dll.old
2010-03-25 13:09:41 ----A---- C:\Windows\PCTBDCore.dll
2010-03-25 13:09:41 ----A---- C:\Windows\BDTSupport.dll.old
2010-03-25 13:09:41 ----A---- C:\Windows\BDTSupport.dll
2010-03-25 13:07:14 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-25 13:07:13 ----D---- C:\Users\Vamos\AppData\Roaming\PC Tools
2010-03-25 13:07:13 ----D---- C:\ProgramData\PC Tools
2010-03-25 13:07:13 ----D---- C:\Program Files\Spyware Doctor
2010-03-25 13:06:55 ----AD---- C:\ProgramData\TEMP
2010-03-24 22:46:40 ----D---- C:\Program Files\No-IP
2010-03-23 12:59:34 ----D---- C:\Program Files\CR-TEKnologies
2010-03-18 21:19:23 ----D---- C:\ProgramData\Sony
2010-03-18 21:19:17 ----D---- C:\Program Files\Sony
2010-03-18 20:41:23 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-03-18 20:40:57 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-03-18 20:31:37 ----D---- C:\Program Files\Movie Maker 2.6
2010-03-18 19:05:15 ----D---- C:\Program Files\VirtualDJ
2010-03-18 00:00:12 ----A---- C:\Windows\system32\msonpmon.dll
2010-03-17 16:14:17 ----D---- C:\Program Files\HyCam2
2010-03-16 21:26:40 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-03-16 20:59:10 ----D---- C:\Program Files\Eidos
2010-03-16 20:45:52 ----D---- C:\Program Files\SpeedFan
2010-03-16 18:59:59 ----D---- C:\Windows\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP
2010-03-16 18:53:08 ----D---- C:\Program Files\Common Files\Steam
2010-03-16 18:47:14 ----D---- C:\Program Files\Valve
2010-03-15 20:40:52 ----D---- C:\Users\Vamos\AppData\Roaming\TS3Client
2010-03-15 20:39:45 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-03-15 15:56:48 ----D---- C:\Fraps
2010-03-15 14:40:24 ----D---- C:\ProgramData\Office Genuine Advantage
2010-03-15 14:13:27 ----A---- C:\Windows\system32\MRT.exe
2010-03-15 14:13:08 ----D---- C:\Program Files\MSXML 4.0
2010-03-14 15:16:03 ----D---- C:\ProgramData\Age of Empires 3
2010-03-14 15:14:48 ----D---- C:\Program Files\Common Files\Microsoft Games
2010-03-14 15:14:42 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-03-14 15:14:41 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-03-14 15:06:01 ----D---- C:\Program Files\Microsoft Games
2010-03-11 23:38:28 ----D---- C:\Program Files\QS
2010-03-11 23:38:23 ----D---- C:\Users\Vamos\AppData\Roaming\TeamViewer
2010-03-10 23:33:11 ----D---- C:\Program Files\WinSCP
2010-03-10 23:27:52 ----A---- C:\Windows\system32\libmysql_d.dll
2010-03-10 23:27:49 ----D---- C:\Program Files\PremiumSoft
2010-03-10 22:08:26 ----D---- C:\Program Files\Hamachi
2010-03-10 22:06:40 ----HD---- C:\ProgramData\CanonBJ
2010-03-10 22:06:04 ----A---- C:\Windows\system32\CNMLM9E.DLL
2010-03-10 21:07:16 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-10 21:04:10 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-10 20:59:15 ----D---- C:\Windows\system32\appmgmt
2010-03-10 18:08:21 ----D---- C:\Users\Vamos\AppData\Roaming\Hamachi
2010-03-10 18:00:24 ----D---- C:\Program Files\Common Files\PC SOFT
2010-03-10 17:42:38 ----D---- C:\ProgramData\COMODO
2010-03-10 17:37:45 ----D---- C:\ProgramData\Comodo Downloader
2010-03-10 17:17:59 ----D---- C:\Program Files\Microsoft Virtual PC
2010-03-10 16:39:33 ----D---- C:\Program Files\Landwirtschafts-Simulator 2009 Demo
2010-03-10 15:39:28 ----D---- C:\Program Files\Legend of MT2
2010-03-10 15:13:05 ----D---- C:\Users\Vamos\AppData\Roaming\Mozilla
2010-03-10 15:12:58 ----D---- C:\Users\Vamos\AppData\Roaming\LimeWire
2010-03-10 15:09:57 ----D---- C:\ProgramData\Sun
2010-03-10 15:09:56 ----D---- C:\Program Files\Common Files\Java
2010-03-10 15:09:49 ----A---- C:\Windows\system32\javaws.exe
2010-03-10 15:09:49 ----A---- C:\Windows\system32\javaw.exe
2010-03-10 15:09:49 ----A---- C:\Windows\system32\java.exe
2010-03-10 15:09:49 ----A---- C:\Windows\system32\deploytk.dll
2010-03-10 15:09:43 ----D---- C:\Program Files\Java
2010-03-10 15:09:23 ----D---- C:\Program Files\LimeWire
2010-03-10 15:01:51 ----D---- C:\Users\Vamos\AppData\Roaming\WinRAR
2010-03-10 14:54:25 ----D---- C:\Program Files\WinRAR
2010-03-10 14:44:33 ----D---- C:\Users\Vamos\AppData\Roaming\uTorrent
2010-03-10 13:29:42 ----D---- C:\Program Files\Windows Virtual PC
2010-03-10 13:28:48 ----A---- C:\Windows\system32\vpchbuspipe.dll
2010-03-10 13:28:45 ----A---- C:\Windows\system32\VPCWizard.exe
2010-03-10 13:28:45 ----A---- C:\Windows\system32\VPCSettings.exe
2010-03-10 13:28:45 ----A---- C:\Windows\system32\VMWindow.exe
2010-03-10 13:28:45 ----A---- C:\Windows\system32\vmsal.exe
2010-03-10 13:28:45 ----A---- C:\Windows\system32\VMCPropertyHandler.dll
2010-03-10 13:28:43 ----A---- C:\Windows\system32\vpc.exe
2010-03-10 13:05:34 ----A---- C:\Windows\system32\msasn1.dll
2010-03-10 13:05:33 ----A---- C:\Windows\system32\wmp.dll
2010-03-10 13:05:33 ----A---- C:\Windows\system32\winresume.exe
2010-03-10 13:05:33 ----A---- C:\Windows\system32\winload.exe
2010-03-10 13:05:33 ----A---- C:\Windows\system32\CertEnroll.dll
2010-03-10 13:05:32 ----A---- C:\Windows\system32\wmploc.DLL
2010-03-10 13:05:20 ----A---- C:\Windows\system32\jscript.dll
2010-03-10 13:05:16 ----A---- C:\Windows\system32\t2embed.dll
2010-03-10 13:05:16 ----A---- C:\Windows\system32\fontsub.dll
2010-03-10 13:05:16 ----A---- C:\Windows\system32\atmfd.dll
2010-03-10 13:05:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-10 13:05:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-03-10 13:05:15 ----A---- C:\Windows\system32\kernel32.dll
2010-03-10 13:05:15 ----A---- C:\Windows\system32\apphelp.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\tsbyuv.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\quartz.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\msyuv.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\msvidc32.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\msrle32.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\mciavi32.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\iyuv_32.dll
2010-03-10 13:05:14 ----A---- C:\Windows\system32\avifil32.dll
2010-03-10 13:05:13 ----A---- C:\Windows\system32\mshtml.dll
2010-03-10 13:05:13 ----A---- C:\Windows\system32\ieframe.dll
2010-03-10 13:05:12 ----A---- C:\Windows\system32\wininet.dll
2010-03-10 13:05:12 ----A---- C:\Windows\system32\urlmon.dll
2010-03-10 13:05:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-10 13:05:12 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-10 13:05:06 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-10 13:05:06 ----A---- C:\Windows\system32\msdri.dll
2010-03-10 13:05:06 ----A---- C:\Windows\system32\CPFilters.dll
2010-03-10 13:05:02 ----A---- C:\Windows\system32\tzres.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\secproc.dll
2010-03-10 13:04:59 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-10 13:04:59 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-10 13:04:59 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-10 13:04:59 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-10 13:04:55 ----A---- C:\Windows\system32\winlogon.exe
2010-03-10 13:04:55 ----A---- C:\Windows\explorer.exe
2010-03-10 09:27:47 ----D---- C:\ProgramData\Adobe
2010-03-10 09:27:44 ----D---- C:\Program Files\Common Files\Adobe
2010-03-10 09:27:44 ----D---- C:\Program Files\Adobe
2010-03-10 03:45:04 ----D---- C:\Windows\SoftwareDistribution
2010-03-09 22:12:06 ----D---- C:\Program Files\LogMeIn Hamachi
2010-03-09 22:09:23 ----D---- C:\wamp
2010-03-09 22:07:17 ----D---- C:\Users\Vamos\AppData\Roaming\Notepad++
2010-03-09 22:07:17 ----D---- C:\Program Files\Notepad++
2010-03-09 20:11:49 ----D---- C:\PFiles
2010-03-09 20:05:30 ----D---- C:\Users\Vamos\AppData\Roaming\Macromedia
2010-03-09 20:05:30 ----D---- C:\Users\Vamos\AppData\Roaming\Adobe
2010-03-09 20:04:59 ----D---- C:\Windows\system32\Macromed
2010-03-09 19:54:47 ----D---- C:\Program Files\Microsoft
2010-03-09 19:54:26 ----D---- C:\Program Files\Windows Live SkyDrive
2010-03-09 19:54:09 ----D---- C:\Program Files\Windows Live
2010-03-09 19:51:53 ----D---- C:\ProgramData\Kaspersky Lab
2010-03-09 19:51:53 ----D---- C:\Program Files\Kaspersky Lab
2010-03-09 19:50:53 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-03-09 19:50:50 ----D---- C:\Program Files\Common Files\Windows Live
2010-03-09 19:47:31 ----D---- C:\Users\Vamos\AppData\Roaming\ATI
2010-03-09 19:47:12 ----SD---- C:\Users\Vamos\AppData\Roaming\Microsoft
2010-03-09 19:47:12 ----D---- C:\Users\Vamos\AppData\Roaming\Identities

======List of files/folders modified in the last 1 months======

2010-03-28 23:31:34 ----D---- C:\Windows\Temp
2010-03-28 20:07:43 ----RD---- C:\Program Files
2010-03-28 17:21:35 ----D---- C:\Windows\system32\config
2010-03-28 17:16:57 ----D---- C:\Windows\System32
2010-03-28 17:16:57 ----D---- C:\Windows\inf
2010-03-28 17:16:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-28 17:08:49 ----D---- C:\Windows\system32\wdi
2010-03-26 19:14:20 ----D---- C:\Windows\Tasks
2010-03-26 19:14:20 ----D---- C:\Windows\system32\Tasks
2010-03-26 12:19:50 ----D---- C:\Windows\system32\drivers
2010-03-26 12:12:32 ----HD---- C:\ProgramData
2010-03-26 11:14:36 ----SHD---- C:\System Volume Information
2010-03-26 11:11:07 ----D---- C:\Windows\system32\catroot2
2010-03-25 20:13:23 ----D---- C:\Windows
2010-03-25 17:47:36 ----D---- C:\Windows\system32\catroot
2010-03-25 17:47:35 ----SHD---- C:\Windows\Installer
2010-03-25 17:47:33 ----D---- C:\Program Files\Common Files
2010-03-25 00:10:23 ----D---- C:\Program Files\Internet Explorer
2010-03-25 00:10:22 ----D---- C:\Windows\winsxs
2010-03-23 12:59:38 ----D---- C:\Windows\Prefetch
2010-03-19 12:51:07 ----D---- C:\Windows\system32\LogFiles
2010-03-19 11:37:15 ----D---- C:\ProgramData\Microsoft Help
2010-03-18 21:20:06 ----RSD---- C:\Windows\assembly
2010-03-18 19:05:22 ----RSD---- C:\Windows\Fonts
2010-03-17 23:58:34 ----D---- C:\Program Files\Common Files\microsoft shared
2010-03-16 20:59:21 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-15 14:14:16 ----D---- C:\Windows\system32\zh-TW
2010-03-15 14:14:16 ----D---- C:\Windows\system32\zh-HK
2010-03-15 14:14:16 ----D---- C:\Windows\system32\tr-TR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\sv-SE
2010-03-15 14:14:16 ----D---- C:\Windows\system32\pt-BR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\nl-NL
2010-03-15 14:14:16 ----D---- C:\Windows\system32\nb-NO
2010-03-15 14:14:16 ----D---- C:\Windows\system32\ko-KR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\it-IT
2010-03-15 14:14:16 ----D---- C:\Windows\system32\he-IL
2010-03-15 14:14:16 ----D---- C:\Windows\system32\fr-FR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\fi-FI
2010-03-15 14:14:16 ----D---- C:\Windows\system32\es-ES
2010-03-15 14:14:16 ----D---- C:\Windows\system32\en-US
2010-03-15 14:14:16 ----D---- C:\Windows\system32\el-GR
2010-03-15 14:14:16 ----D---- C:\Windows\system32\de-DE
2010-03-15 14:14:16 ----D---- C:\Windows\system32\da-DK
2010-03-15 14:14:16 ----D---- C:\Windows\system32\ar-SA
2010-03-15 14:13:28 ----D---- C:\Windows\debug
2010-03-14 15:14:41 ----D---- C:\Windows\Microsoft.NET
2010-03-13 18:49:43 ----D---- C:\Windows\rescache
2010-03-13 18:32:10 ----D---- C:\Windows\DigitalLocker
2010-03-13 18:32:09 ----D---- C:\Windows\system32\winrm
2010-03-13 18:32:07 ----D---- C:\Windows\system32\slmgr
2010-03-13 18:32:06 ----D---- C:\Windows\system32\WCN
2010-03-13 18:32:06 ----D---- C:\Windows\system32\MUI
2010-03-13 18:32:00 ----D---- C:\Windows\servicing
2010-03-13 18:32:00 ----D---- C:\Windows\PolicyDefinitions
2010-03-13 18:32:00 ----D---- C:\Windows\IME
2010-03-13 18:32:00 ----D---- C:\Windows\ehome
2010-03-13 18:32:00 ----D---- C:\Program Files\Windows Sidebar
2010-03-13 18:32:00 ----D---- C:\Program Files\Windows Photo Viewer
2010-03-13 18:32:00 ----D---- C:\Program Files\Windows Mail
2010-03-13 18:32:00 ----D---- C:\Program Files\Windows Defender
2010-03-13 18:32:00 ----D---- C:\Program Files\DVD Maker
2010-03-13 18:32:00 ----D---- C:\Program Files\Common Files\System
2010-03-13 18:31:59 ----D---- C:\Windows\system32\sysprep
2010-03-13 18:31:59 ----D---- C:\Windows\system32\Setup
2010-03-13 18:31:59 ----D---- C:\Windows\system32\oobe
2010-03-13 18:31:59 ----D---- C:\Windows\system32\migwiz
2010-03-13 18:31:59 ----D---- C:\Windows\system32\migration
2010-03-13 18:31:59 ----D---- C:\Windows\system32\Boot
2010-03-13 18:31:56 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2010-03-13 18:31:55 ----D---- C:\Windows\system32\wbem
2010-03-13 18:31:55 ----D---- C:\Windows\system32\com
2010-03-13 18:31:55 ----D---- C:\Windows\AppPatch
2010-03-13 16:04:38 ----D---- C:\Windows\system32\Dism
2010-03-13 16:02:19 ----D---- C:\Program Files\Windows Media Player
2010-03-13 16:02:19 ----D---- C:\Program Files\Windows Journal
2010-03-13 16:02:02 ----D---- C:\Windows\system32\XPSViewer
2010-03-13 16:00:14 ----D---- C:\Windows\Logs
2010-03-13 04:13:26 ----D---- C:\Program Files\Microsoft Works
2010-03-13 04:12:15 ----A---- C:\Windows\win.ini
2010-03-10 22:06:20 ----D---- C:\Windows\system32\DriverStore
2010-03-10 22:06:11 ----RSD---- C:\Windows\Media
2010-03-10 22:06:05 ----D---- C:\Windows\twain_32
2010-03-10 13:40:48 ----D---- C:\Windows\Downloaded Program Files
2010-03-10 13:29:45 ----D---- C:\Windows\system32\ro-RO
2010-03-10 13:29:45 ----D---- C:\Windows\system32\pt-PT
2010-03-10 13:29:45 ----D---- C:\Windows\system32\ja-JP
2010-03-10 13:29:45 ----D---- C:\Windows\system32\cs-CZ
2010-03-10 13:29:44 ----D---- C:\Windows\system32\th-TH
2010-03-10 13:29:44 ----D---- C:\Windows\system32\pl-PL
2010-03-10 13:29:44 ----D---- C:\Windows\system32\hu-HU
2010-03-10 13:29:43 ----D---- C:\Windows\system32\zh-CN
2010-03-10 13:29:43 ----D---- C:\Windows\system32\ru-RU
2010-03-09 20:00:34 ----D---- C:\Windows\system32\NDF
2010-03-09 19:50:33 ----SD---- C:\ProgramData\Microsoft
2010-03-09 19:50:26 ----D---- C:\Windows\system32\restore
2010-03-09 19:47:19 ----SHD---- C:\$Recycle.Bin
2010-03-09 19:47:12 ----RD---- C:\Users
2010-03-09 19:46:07 ----D---- C:\Windows\Panther
2010-03-09 19:46:06 ----SHD---- C:\Recovery
2010-03-09 19:46:06 ----D---- C:\Windows\system32\Recovery
Vamos, Libellulien. Posts: 54. Registered: 26 Mar 2010 10:38

Re: Trojan.Generic Help :S

Post by Falkra » 28 Mar 2010 22:36

That's much better.

Do you know this one? Did you install it yourself?
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
Falkra, Admin libellules.ch. Posts: 25882. Registered: 30 Jan 2005 13:44. Location: 127.0.0.1

Re: Trojan.Generic Help :S

Post by Vamos » 28 Mar 2010 23:11

:learn: yes, it's an antivirus from the net :). Otherwise, for the problem of the programs no longer being in the list, what do I do :?:
Vamos, Libellulien. Posts: 54. Registered: 26 Mar 2010 10:38

Re: Trojan.Generic Help :S

Post by Falkra » 28 Mar 2010 23:20

We'll have a look at that.

Download this ajoutsup.bat here:
http://senduit.com/368df2

Start it by right-clicking it and choosing Run as administrator; it will read some registry keys and produce a report, which you should post in your next reply. :-D
Falkra, Admin libellules.ch. Posts: 25882. Registered: 30 Jan 2005 13:44. Location: 127.0.0.1

Re: Trojan.Generic Help :S

Post by Vamos » 29 Mar 2010 11:15

Hi, I think I've understood: one of my earlier anti-spyware programs had emptied the list; the most recently installed programs are in it, oh well... :crazy:

Here is the ajoutsup.bat report:

Code:
  -------------
 -------------

I find the report funny :xpdr:
Vamos, Libellulien. Posts: 54. Registered: 26 Mar 2010 10:38

Re: Trojan.Generic Help :S

Post by Falkra » 29 Mar 2010 19:18

Funny, no: the registry looks emptied on the Add/Remove Programs side, which is worrying.

Did you really launch the bat file by right-clicking it and choosing Run as administrator?
Falkra, Admin libellules.ch. Posts: 25882. Registered: 30 Jan 2005 13:44. Location: 127.0.0.1
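The linked ajoutsup.bat is not shown on the page, only described as reading Add/Remove Programs keys and writing a report. The following is an added example, not the helper's script and not from the thread, of the same check written for the PowerShell 2.0 that ships with Windows 7: it enumerates the Uninstall keys that the Programs and Features list is built from and reports, for each key, whether it is missing, present but empty, unreadable, or populated, then lists every entry found. The report file name on the desktop and the assumption that the machine may be either 32- or 64-bit are mine.

```powershell
# Added example for this thread, not the linked ajoutsup.bat (whose contents are not shown).
# Enumerates the registry keys that Windows' "Programs and Features" list is built from
# and reports, per key, whether it is MISSING, EMPTY, unreadable, or populated.
# The report path on the desktop is an assumption. Written for the PowerShell 2.0 that
# ships with Windows 7, hence New-Object PSObject instead of the [pscustomobject] cast.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on 64-bit Windows; absent on 32-bit
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

$summary = @()
$entries = @()

foreach ($key in $uninstallKeys) {
    if (-not (Test-Path -Path $key)) {
        # The key itself is gone, which is different from "all subkeys deleted" below.
        $summary += New-Object PSObject -Property @{ Key = $key; State = 'MISSING'; Count = 0 }
        continue
    }
    try {
        # Force an array so .Count is correct when there is exactly one subkey.
        $subkeys = @(Get-ChildItem -Path $key -ErrorAction Stop)
    } catch {
        # Reading these keys normally needs no elevation, so an access error points at
        # tampered permissions rather than at a missing "Run as administrator".
        $summary += New-Object PSObject -Property @{ Key = $key; State = ('ERROR: ' + $_.Exception.Message); Count = 0 }
        continue
    }
    $state = 'OK'
    if ($subkeys.Count -eq 0) { $state = 'EMPTY' }   # key exists but every subkey was removed
    $summary += New-Object PSObject -Property @{ Key = $key; State = $state; Count = $subkeys.Count }

    foreach ($sk in $subkeys) {
        $p = Get-ItemProperty -Path $sk.PSPath -ErrorAction SilentlyContinue
        # Entries without DisplayName, or with SystemComponent=1, are hidden from the GUI,
        # so they are deliberately kept in the report.
        $entries += New-Object PSObject -Property @{
            Hive            = $key.Split(':')[0]
            SubKey          = $sk.PSChildName
            DisplayName     = $p.DisplayName
            Publisher       = $p.Publisher
            InstallDate     = $p.InstallDate
            SystemComponent = $p.SystemComponent
            UninstallString = $p.UninstallString
        }
    }
}

$reportPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'uninstall_keys_report.txt'
$summary | Format-Table -Property Key, State, Count -AutoSize | Out-String -Width 200 | Set-Content -Path $reportPath
$entries | Sort-Object InstallDate -Descending |
    Format-Table -Property Hive, SubKey, DisplayName, Publisher, InstallDate, SystemComponent, UninstallString -AutoSize |
    Out-String -Width 400 | Add-Content -Path $reportPath
Write-Host ('Report written to ' + $reportPath)
```

The three states are worth telling apart because they point at different causes: MISSING means the key itself was deleted, EMPTY matches what a registry "cleaner" or a malicious script leaves behind when it removes every subkey, and an access error means the key is still there but its permissions were changed. A report consisting only of dashes, as in the post above, would correspond to every key coming back EMPTY or unreadable, so the summary table is the first thing to look at.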

Re: Trojan.Generic Help :S

Post by Vamos » 29 Mar 2010 19:25

Yes, yes, :-D
Vamos, Libellulien. Posts: 54. Registered: 26 Mar 2010 10:38
