Log analysis and evaluation: hacked by... Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#25

hacked by...

Rapport de ZHPDiag v1.20.1 par Nicolas Coolman
Enregistré le 29.04.2009 22:31:56
Platform : Windows Vista (TM) Home Premium (6.0.6001) Service Pack 1
MSIE: Internet Explorer v8.0.6001.18702

---\\ Processus lancés
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (not file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: inetcpl.cpl=no

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFBARH.ICO
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe,1040
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe,1040

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} () - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {B85537E9-2D9C-400A-BC92-B04F4D9FF17D} (Silverwire Image Uploader Control) - http://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader4.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: EventStartup - C:\Windows\System32\VESWinlogon.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: .NET Framework - {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.8 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Webordner - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash10b.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Help Center 2.1
O42 - Logiciel: Adobe Photoshop Elements 5.0
O42 - Logiciel: Alps Pointing-device for VAIO
O42 - Logiciel: Ashampoo ClipFinder 1.26
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus
O42 - Logiciel: Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
O42 - Logiciel: Bluetooth Stack for Windows by Toshiba
O42 - Logiciel: Click to DVD 2.0.05 Menu Data
O42 - Logiciel: Click to DVD 2.6.00
O42 - Logiciel: DVAG Online-System
O42 - Logiciel: DVgate Plus
O42 - Logiciel: Die Sims 2
O42 - Logiciel: HDAUDIO SoftV92 Data Fax Modem with SmartCP
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: ICQ6.5
O42 - Logiciel: InstallRTC
O42 - Logiciel: Intel(R) PRO Network Connections Drivers
O42 - Logiciel: Java(TM) 6 Update 13
O42 - Logiciel: LAN Setting Utility
O42 - Logiciel: Lexmark Z500-Z600 Series
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Microsoft Office Standard Edition 2003
O42 - Logiciel: Microsoft SQL Server 2005
O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
O42 - Logiciel: Microsoft SQL Server Native Client
O42 - Logiciel: Microsoft SQL Server VSS Writer
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
O42 - Logiciel: Microsoft Works
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: OpenMG Secure Module 4.6.01
O42 - Logiciel: Radiotracker
O42 - Logiciel: SecureW2 TTLS Client 3.2.0 for Windows Vista BETA1
O42 - Logiciel: Setting Utility Series
O42 - Logiciel: SigmaTel Audio
O42 - Logiciel: SonicStage 4.2
O42 - Logiciel: SonicStage Mastering Studio
O42 - Logiciel: SonicStage Mastering Studio Audio Filter
O42 - Logiciel: SonicStage Mastering Studio Plug-Ins
O42 - Logiciel: Sony Snymsico for Vista
O42 - Logiciel: Sony Utilities DLL
O42 - Logiciel: Sony Video Shared Library
O42 - Logiciel: Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
O42 - Logiciel: VAIO Aqua Breeze Wallpaper
O42 - Logiciel: VAIO Camera Capture Utility
O42 - Logiciel: VAIO Camera Utility
O42 - Logiciel: VAIO Control Center
O42 - Logiciel: VAIO Cozy Orange Wallpaper
O42 - Logiciel: VAIO Entertainment Platform
O42 - Logiciel: VAIO Event Service
O42 - Logiciel: VAIO Hardware Diagnostics
O42 - Logiciel: VAIO Information FLOW
O42 - Logiciel: VAIO Media 6.0
O42 - Logiciel: VAIO Media AC3 Decoder 1.0
O42 - Logiciel: VAIO Media Content Collection 6.0
O42 - Logiciel: VAIO Media Integrated Server 6.0
O42 - Logiciel: VAIO Media Redistribution 6.0
O42 - Logiciel: VAIO Media Registration Tool 6.0
O42 - Logiciel: VAIO Photo 2007
O42 - Logiciel: VAIO Power Management
O42 - Logiciel: VAIO Tender Green Wallpaper
O42 - Logiciel: VAIO Update 4
O42 - Logiciel: VPN Client
O42 - Logiciel: WavePad Sound Editor
O42 - Logiciel: WinDVD for VAIO
O42 - Logiciel: Winamp
O42 - Logiciel: Windows-Treiberpaket - Ricoh R5U870 (UVC) (11/07/2006 6.1003.206.0)
O42 - Logiciel: Wireless Switch Setting Utility

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Alice(1)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Alice(2)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Real
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Roxio Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sony Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\Windows\System32\admparse.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\advpack.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\corpol.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\deploytk.dll -->27.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\dxtmsft.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\dxtrans.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->15.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iashost.exe -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\icardie.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ie4uinit.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieakeng.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieakui.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieapfltr.dat -->07.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieapfltr.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iepeers.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iernonce.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iesetup.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iesysprep.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieui.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieuinit.inf -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\iexpress.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\imgutil.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\inetcpl.cpl -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\inseng.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\java.exe -->27.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\javaw.exe -->27.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\javaws.exe -->27.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\jscript.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\licmgr10.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\mrt.exe -->06.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeedsbs.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeedssync.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshta.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtmled.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtmler.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msls31.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\msrating.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\PAV_FOG.OPC -->17.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\PDMSetup.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->14.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->14.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->14.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\pngfilt.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\RegisterIEPKEYs.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\rpcss.dll -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->03.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\SetDepNx.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\SetIEInstalledDate.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\tdc.ocx -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\url.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\vbscript.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\webcheck.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wextract.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->09.02.2009
O44 - LFC:Last File Created - C:\Windows\System32\WinFXDocObj.exe -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->08.03.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\avgntflt.sys -->27.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\avipbb.sys -->27.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\PktIcpt.sys -->14.04.2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\ssmdrv.sys -->13.02.2009

---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages -
O48 - LSA:Local Security Authority Notification Packages -

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.i420"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.dvsd"="C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDrives"=0

End of the scan: