Security System problem
Solved
Ouille
fix200 (3365 posts, status: Security contributor)
Hello,
I downloaded an infected program and now I can no longer use my mouse; the avast boot-time scans did not fix the problem, and I cannot open regedit or Task Manager!
The virus changed my wallpaper to a message telling me to download System Security, and there are other constant messages.
Here are the HijackThis logs
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bénédicte at 2009-07-14 20:46:33
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 48 GB (54%) free of 88 GB
Total RAM: 894 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:44, on 14/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bénédicte\Local Settings\Temporary Internet Files\Content.IE5\N1A9D2N1\RSIT[1].exe
C:\Program Files\trend micro\Bénédicte.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/fr/extension-garantie/iconlanding
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [chic media time up] C:\Documents and Settings\All Users\Application Data\bodyshowchicmedia\mathcake.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [16391094] C:\Documents and Settings\All Users\Application Data\16391094\16391094.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shim error] C:\DOCUME~1\BNDICT~1\APPLIC~1\DEAFON~1\more plus setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Anti-Hacker(2).lnk = ?
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier(2).lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor(2).lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader(2).lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office(2).lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
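As an added example (not code from this thread), a small triage script for HijackThis O4/O2 lines of the kind posted above: it expands the XP 8.3 short names, pulls the launched file out of each Run value, and flags entries that run from Temp or Application Data, use numeric-only names, or are BHOs with no backing file. The sample lines are copied from the log above plus two benign entries for contrast; the heuristics are this example's own, so a hit means "look closer", not "malicious".

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis v2.0.2 format; the O4/O2 lines are copied
# from the log above and mixed with two benign entries for contrast.
SAMPLE_HJT = r"""O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [chic media time up] C:\Documents and Settings\All Users\Application Data\bodyshowchicmedia\mathcake.exe
O4 - HKLM\..\Run: [16391094] C:\Documents and Settings\All Users\Application Data\16391094\16391094.exe
O4 - HKCU\..\Run: [Shim error] C:\DOCUME~1\BNDICT~1\APPLIC~1\DEAFON~1\more plus setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\b.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
"""

# O4 Run-key entries: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# O2 BHO entries: "O2 - BHO: <name> - {CLSID} - <file or (no file)>"
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
# First executable-looking path in a command line, with optional surrounding quotes.
EXT = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat|cmd|pif|dll))"?', re.IGNORECASE)

# Windows XP 8.3 short names seen in the log, expanded so path tests are uniform.
SHORT_NAMES = {
    "docume~1": "documents and settings",
    "applic~1": "application data",
    "locals~1": "local settings",
    "progra~1": "program files",
}


def normalize(path: str) -> str:
    """Lower-case the path and expand the known 8.3 directory short names."""
    parts = path.lower().split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)


def executable_path(cmd: str) -> str:
    """Return the launched file from a Run value, dropping quotes and arguments."""
    m = EXT.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def location_reasons(path: str) -> List[str]:
    """Why a persistence entry's on-disk location looks abnormal for XP software."""
    norm = normalize(path)
    parts = norm.split("\\")
    reasons = []
    if "\\temp\\" in norm:
        reasons.append("launched from a Temp directory")
    if "\\application data\\" in norm:
        reasons.append("launched from an Application Data directory")
    if any(p.isdigit() for p in parts[1:]):  # skip the drive letter
        reasons.append("numeric-only folder or file name")
    return reasons


def triage_hjt(text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every HijackThis line worth a closer look."""
    findings = []
    for line in text.splitlines():
        m = O4_RUN.match(line)
        if m:
            reasons = location_reasons(executable_path(m.group("cmd")))
            if reasons:
                findings.append((line, reasons))
            continue
        m = O2_BHO.match(line)
        if m and m.group("file") == "(no file)":
            findings.append((line, ["BHO registered with no backing file (orphan or hidden file)"]))
    return findings


if __name__ == "__main__":
    for line, reasons in triage_hjt(SAMPLE_HJT):
        print(line)
        for r in reasons:
            print("   ->", r)
```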
126 replies
Yes, but this one :) http://www.commentcamarche.net/forum/affich 13358466 probleme security system?page=3#41
It still doesn't work =O
ComboFix 09-07-14.07 - Bénédicte 15/07/2009 12:28.4.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.440 [GMT 2:00]
Running from: c:\documents and settings\Bénédicte\Bureau\Combofix.exe
Command switches used :: c:\documents and settings\Bénédicte\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090714-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 09:58 . 2009-07-15 10:14 -------- d-s---w- C:\Moi
2009-07-14 20:17 . 2009-07-14 21:09 -------- d-----w- C:\FindyKill
2009-07-14 19:10 . 2009-07-14 19:56 -------- d-----w- C:\Lop SD
2009-07-14 18:46 . 2009-07-14 21:22 -------- d-----w- c:\program files\trend micro
2009-07-14 18:46 . 2009-07-14 18:46 -------- d-----w- C:\rsit
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 16:07 10142 ----a-w- c:\documents and settings\All Users\Application Data\DVD X Studios\DVD X Player 4.1 Professional\DVDXPlayer.dll
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-14 15:59 . 2009-07-14 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2009-07-14 14:16 . 2009-07-14 14:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-07-13 16:48 . 2009-07-13 14:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-13 14:05 . 2009-07-13 14:05 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-13 14:05 . 2009-07-13 14:05 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-13 14:05 . 2009-07-13 14:05 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-13 13:51 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-13 13:51 . 2009-07-13 13:51 -------- d-----w- c:\program files\Lavasoft
2009-07-13 13:35 . 2009-07-13 13:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-13 13:30 . 2009-07-13 13:30 34543112 ----a-w- c:\program files\Ad-AwareAE.exe
2009-07-13 09:23 . 2009-07-13 09:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-13 07:44 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 07:43 . 2009-07-13 07:45 -------- d-----w- c:\windows\ie8updates
2009-07-13 07:38 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 07:38 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 07:28 . 2009-07-13 07:38 -------- dc-h--w- c:\windows\ie8
2009-07-12 20:15 . 2009-07-12 20:16 8171320 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-12 18:59 . 2009-07-12 19:00 -------- d-----w- c:\program files\MSECACHE
2009-07-12 18:57 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-12 18:57 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-12 18:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-12 18:56 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-12 18:56 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-12 18:56 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-12 18:56 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-12 18:56 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-12 18:04 . 2009-07-12 18:04 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-07-04 07:54 . 2009-07-04 07:54 -------- d-----w- c:\program files\iPod
2009-07-04 07:41 . 2009-07-04 07:44 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-06-27 11:58 . 2009-06-27 12:10 -------- d-----w- c:\program files\Anuman Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 21:07 . 2004-08-17 09:31 76922 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 21:07 . 2004-08-17 09:31 470610 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 20:03 . 2006-12-26 11:30 -------- d-----w- c:\program files\Musicmatch
2009-07-12 19:41 . 2006-12-24 19:12 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
2009-07-12 17:47 . 2006-08-23 16:22 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 14:33 . 2006-04-13 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:28 . 2008-04-18 07:15 -------- d-----w- c:\program files\MRIcro
2009-07-12 14:23 . 2006-04-13 06:33 -------- d-----w- c:\program files\Java
2009-07-12 13:51 . 2006-08-20 12:09 -------- d-----w- c:\program files\Microsoft Games
2009-07-04 07:55 . 2007-08-18 10:36 -------- d-----w- c:\program files\iTunes
2009-07-04 07:54 . 2007-08-18 10:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-04 07:52 . 2007-08-18 10:27 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:49 . 2007-08-18 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-02 07:16 . 2006-08-19 20:17 113561 ----a-w- c:\windows\hpoins07.dat
2009-07-01 15:49 . 2006-10-01 08:11 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-04-04 09:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-11-22 12:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-13 05:04 . 2004-08-05 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:43 . 2004-08-05 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:09 . 2004-08-05 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 14:04 . 2009-04-18 14:04 6025212 ----a-w- c:\program files\FreeVideoToiPhoneConverter.exe
2009-04-18 13:56 . 2009-04-18 13:56 5548636 ----a-w- c:\program files\m-iphone-video-converter-for-win.exe
2009-04-07 06:57 . 2009-04-07 06:56 143875176 ----a-w- c:\program files\OOo_3.0.1_Win32Intel_install_wJRE_fr.exe
2009-03-26 15:31 . 2009-03-26 15:31 3342809 ----a-w- c:\program files\eMule0.49c-Installer.exe
2009-03-26 15:30 . 2009-03-26 15:30 2633070 ----a-w- c:\program files\emule049b.exe
2009-02-13 13:43 . 2009-02-13 13:43 4454099 ----a-w- c:\program files\techlogg.com-toneshop-build21-i386-win32.exe
2008-11-29 08:09 . 2008-11-29 08:09 6904036 ----a-w- c:\program files\nvu-1.0-win32-installer-full.exe
2008-07-13 11:17 . 2008-07-13 11:13 15083520 ----a-w- c:\program files\spybotsd160.exe
2008-07-10 09:18 . 2008-07-10 09:18 874856 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2008-06-22 12:43 . 2008-06-22 12:43 19096706 ----a-w- c:\program files\izispot.exe
2008-06-21 10:51 . 2008-06-21 10:49 7599856 ----a-w- c:\program files\Firefox Setup 3.0.exe
2008-04-18 07:13 . 2008-04-18 07:13 6343320 ----a-w- c:\program files\mrizip.zip
2008-02-11 07:15 . 2008-02-11 07:15 19858624 ----a-w- c:\program files\setupfre.exe
2007-08-21 16:22 . 2007-08-21 16:22 6652812 ----a-w- c:\program files\sld.codec.pack.2.2.exe
2007-08-18 17:41 . 2007-08-18 17:41 18272684 ----a-w- c:\program files\FTB614.exe
2007-07-04 18:46 . 2007-07-04 18:46 22186192 ----a-w- c:\program files\DivXInstaller.exe
2007-07-02 19:38 . 2007-07-02 19:38 370328 ----a-w- c:\program files\jre-6u1-windows-i586-p-iftw.exe
2007-02-15 14:34 . 2008-02-27 20:56 6418 ----a-w- c:\program files\readme.txt
2007-02-15 01:23 . 2008-02-27 20:56 10984 ----a-w- c:\program files\changelog.txt
2006-10-01 08:09 . 2006-10-01 08:09 207529840 ----a-w- c:\program files\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe
2009-06-24 15:27 . 2008-06-22 11:20 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-09-28 17:09 . 2006-10-01 08:11 88 --sh--r- c:\windows\system32\C917B0E5BD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-15_08.37.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 10:12 . 2009-07-15 10:12 16384 c:\windows\Temp\Perflib_Perfdata_6ac.dat
+ 2009-07-15 10:40 . 2009-07-15 10:40 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
+ 2009-07-13 09:23 . 2009-07-15 10:17 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-13 09:23 . 2009-07-14 20:31 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\Bénédicte\Menu Démarrer\Programmes\Démarrage\
desktop(2).ini [2004-8-17 84]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Klpf;Klpf;c:\windows\system32\drivers\Klpf.sys [04/08/2005 17:19 25139]
R0 Klpid;Klpid;c:\windows\system32\drivers\Klpid.sys [04/08/2005 17:19 31862]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/07/2009 16:06 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/07/2009 20:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/07/2009 20:56 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 10:15 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:06]
2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-03 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/fr/extension-garantie/iconlanding
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Bénédicte\Application Data\Mozilla\Firefox\Profiles\bvfzkeyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 12:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3600)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2009-07-15 13:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 11:05
ComboFix2.txt 2009-07-15 09:47
ComboFix3.txt 2009-07-15 08:41
Pre-Run: 49 725 272 064 octets libres
Post-Run: 49 693 724 672 octets libres
309 --- E O F --- 2009-07-13 07:45
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 12:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3600)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2009-07-15 13:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 11:05
ComboFix2.txt 2009-07-15 09:47
ComboFix3.txt 2009-07-15 08:41
Pre-Run: 49 725 272 064 octets libres
Post-Run: 49 693 724 672 octets libres
309 --- E O F --- 2009-07-13 07:45
Hello ;)
It did its job.
One last CFScript :)
Copy the text below:
Rootkit::
c:\windows\system32\drivers\geyekrakuuuvqf.sys
- Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
- Save this file under the name CFScript.txt
- Now drag the CFScript.txt file onto Combofix.exe, like this
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
After the reboot, post the contents of the Combofix.txt report.
Then:
Disable your antivirus for the duration of the operation, because it is wrongly detected as an infection, then:
Download List_All by gen-hackman and save it to your desktop, nowhere else.
Run it (as administrator on Vista).
Choose the option in bold below:
1 : Elements du panneau de configuration ^(cpl^)
2 : Liste des .dll systeme
3 : Listes des executables ^(.exe^)
4 : Liste des fichiers systeme ^(Drivers^)
5 : Liste du system32
6 : Liste de tout le systeme
7 : Liste des fichiers .tmp
8 : Liste des fichiers racine
9 : Liste des fichiers caches
0 : Liste des processus console
Confirm with "Enter".
Go and fetch the report from where it tells you,
* Upload it to: http://www.cijoint.fr/ , click Browse,
then send the file.
A link of this form will appear: hxxp://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
=> Post that fresh link in your next reply.
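As an added example (not code from this thread, from ComboFix's authors, or from the helper), here is a small Python parser for the "Files Created" block of a ComboFix report. It flags the two patterns the helper acted on in this thread: a driver with a generated-looking name under system32\drivers, and a .sys file far too small to be a driver. The sample lines are copied from the report posted above; the name heuristic (a stem of twelve or more lowercase letters, a "q" not followed by "u", or a letter repeated three times) and the 1024-byte threshold are my own assumptions, not ComboFix logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: "Files Created" lines in ComboFix's format, copied from the report in this thread.
SAMPLE_LOG = r"""
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-14 15:59 . 2009-07-14 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2009-07-12 18:57 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-13 13:51 . 2009-07-13 13:51 -------- d-----w- c:\program files\Lavasoft
""".strip()

# One ComboFix line: <created> . <modified> <size or dashes> <8 attribute flags> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entries(text: str) -> List[Entry]:
    """Parse every well-formed 'Files Created' line; silently skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def looks_random(stem: str) -> bool:
    """Assumed heuristic for generated driver names (not a ComboFix rule):
    a long run of lowercase letters only, a 'q' not followed by 'u',
    or the same letter three times in a row."""
    return bool(re.match(r"^[a-z]{12,}$", stem)) or bool(re.search(r"q(?!u)|(.)\1\1", stem))


def audit(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries worth a closer look."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        stem, _, ext = e.name.rpartition(".")
        if ext.lower() != "sys":
            continue
        if "\\system32\\drivers\\" in low and looks_random(stem):
            findings.append((e.path, "driver with generated-looking name"))
        # Assumed threshold: a real kernel driver is never this small.
        if "\\system32\\" in low and e.size is not None and e.size < 1024:
            findings.append((e.path, f"{e.size}-byte .sys file (too small to be a driver)"))
    return findings


if __name__ == "__main__":
    for path, reason in audit(parse_entries(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Run against the sample, the audit reports geyekrakuuuvqf.sys (the driver the helper's CFScript targets) and the 14-byte SystemInfo32.sys, while the avast drivers pass because their names are vendor-prefixed mixed case and their sizes are plausible.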
ComboFix 09-07-14.07 - Bénédicte 15/07/2009 13:28.5.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.424 [GMT 2:00]
Running from: c:\documents and settings\Bénédicte\Bureau\Combofix.exe
Command switches used :: c:\documents and settings\Bénédicte\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090714-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 09:58 . 2009-07-15 10:14 -------- d-s---w- C:\Moi
2009-07-14 20:17 . 2009-07-14 21:09 -------- d-----w- C:\FindyKill
2009-07-14 19:10 . 2009-07-14 19:56 -------- d-----w- C:\Lop SD
2009-07-14 18:46 . 2009-07-14 21:22 -------- d-----w- c:\program files\trend micro
2009-07-14 18:46 . 2009-07-14 18:46 -------- d-----w- C:\rsit
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 16:07 10142 ----a-w- c:\documents and settings\All Users\Application Data\DVD X Studios\DVD X Player 4.1 Professional\DVDXPlayer.dll
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-14 15:59 . 2009-07-14 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2009-07-14 14:16 . 2009-07-14 14:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-07-13 16:48 . 2009-07-13 14:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-13 14:05 . 2009-07-13 14:05 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-13 14:05 . 2009-07-13 14:05 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-13 14:05 . 2009-07-13 14:05 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-13 13:51 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-13 13:51 . 2009-07-13 13:51 -------- d-----w- c:\program files\Lavasoft
2009-07-13 13:35 . 2009-07-13 13:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-13 13:30 . 2009-07-13 13:30 34543112 ----a-w- c:\program files\Ad-AwareAE.exe
2009-07-13 09:23 . 2009-07-13 09:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-13 07:44 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 07:43 . 2009-07-13 07:45 -------- d-----w- c:\windows\ie8updates
2009-07-13 07:38 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 07:38 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 07:28 . 2009-07-13 07:38 -------- dc-h--w- c:\windows\ie8
2009-07-12 20:15 . 2009-07-12 20:16 8171320 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-12 18:59 . 2009-07-12 19:00 -------- d-----w- c:\program files\MSECACHE
2009-07-12 18:57 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-12 18:57 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-12 18:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-12 18:56 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-12 18:56 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-12 18:56 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-12 18:56 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-12 18:56 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-12 18:04 . 2009-07-12 18:04 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-07-04 07:54 . 2009-07-04 07:54 -------- d-----w- c:\program files\iPod
2009-07-04 07:41 . 2009-07-04 07:44 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-06-27 11:58 . 2009-06-27 12:10 -------- d-----w- c:\program files\Anuman Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 21:07 . 2004-08-17 09:31 76922 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 21:07 . 2004-08-17 09:31 470610 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 20:03 . 2006-12-26 11:30 -------- d-----w- c:\program files\Musicmatch
2009-07-12 19:41 . 2006-12-24 19:12 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
2009-07-12 17:47 . 2006-08-23 16:22 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 14:33 . 2006-04-13 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:28 . 2008-04-18 07:15 -------- d-----w- c:\program files\MRIcro
2009-07-12 14:23 . 2006-04-13 06:33 -------- d-----w- c:\program files\Java
2009-07-12 13:51 . 2006-08-20 12:09 -------- d-----w- c:\program files\Microsoft Games
2009-07-04 07:55 . 2007-08-18 10:36 -------- d-----w- c:\program files\iTunes
2009-07-04 07:54 . 2007-08-18 10:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-04 07:52 . 2007-08-18 10:27 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:49 . 2007-08-18 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-02 07:16 . 2006-08-19 20:17 113561 ----a-w- c:\windows\hpoins07.dat
2009-07-01 15:49 . 2006-10-01 08:11 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-04-04 09:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-11-22 12:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-13 05:04 . 2004-08-05 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:43 . 2004-08-05 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:09 . 2004-08-05 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 14:04 . 2009-04-18 14:04 6025212 ----a-w- c:\program files\FreeVideoToiPhoneConverter.exe
2009-04-18 13:56 . 2009-04-18 13:56 5548636 ----a-w- c:\program files\m-iphone-video-converter-for-win.exe
2009-04-07 06:57 . 2009-04-07 06:56 143875176 ----a-w- c:\program files\OOo_3.0.1_Win32Intel_install_wJRE_fr.exe
2009-03-26 15:31 . 2009-03-26 15:31 3342809 ----a-w- c:\program files\eMule0.49c-Installer.exe
2009-03-26 15:30 . 2009-03-26 15:30 2633070 ----a-w- c:\program files\emule049b.exe
2009-02-13 13:43 . 2009-02-13 13:43 4454099 ----a-w- c:\program files\techlogg.com-toneshop-build21-i386-win32.exe
2008-11-29 08:09 . 2008-11-29 08:09 6904036 ----a-w- c:\program files\nvu-1.0-win32-installer-full.exe
2008-07-13 11:17 . 2008-07-13 11:13 15083520 ----a-w- c:\program files\spybotsd160.exe
2008-07-10 09:18 . 2008-07-10 09:18 874856 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2008-06-22 12:43 . 2008-06-22 12:43 19096706 ----a-w- c:\program files\izispot.exe
2008-06-21 10:51 . 2008-06-21 10:49 7599856 ----a-w- c:\program files\Firefox Setup 3.0.exe
2008-04-18 07:13 . 2008-04-18 07:13 6343320 ----a-w- c:\program files\mrizip.zip
2008-02-11 07:15 . 2008-02-11 07:15 19858624 ----a-w- c:\program files\setupfre.exe
2007-08-21 16:22 . 2007-08-21 16:22 6652812 ----a-w- c:\program files\sld.codec.pack.2.2.exe
2007-08-18 17:41 . 2007-08-18 17:41 18272684 ----a-w- c:\program files\FTB614.exe
2007-07-04 18:46 . 2007-07-04 18:46 22186192 ----a-w- c:\program files\DivXInstaller.exe
2007-07-02 19:38 . 2007-07-02 19:38 370328 ----a-w- c:\program files\jre-6u1-windows-i586-p-iftw.exe
2007-02-15 14:34 . 2008-02-27 20:56 6418 ----a-w- c:\program files\readme.txt
2007-02-15 01:23 . 2008-02-27 20:56 10984 ----a-w- c:\program files\changelog.txt
2006-10-01 08:09 . 2006-10-01 08:09 207529840 ----a-w- c:\program files\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe
2009-06-24 15:27 . 2008-06-22 11:20 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-09-28 17:09 . 2006-10-01 08:11 88 --sh--r- c:\windows\system32\C917B0E5BD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-15_08.37.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 11:40 . 2009-07-15 11:40 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
+ 2009-07-15 11:40 . 2009-07-15 11:40 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
+ 2009-07-13 09:23 . 2009-07-15 11:45 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-13 09:23 . 2009-07-14 20:31 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\B‚n‚dicte\Menu D‚marrer\Programmes\D‚marrage\
desktop(2).ini [2004-8-17 84]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Klpf;Klpf;c:\windows\system32\drivers\Klpf.sys [04/08/2005 17:19 25139]
R0 Klpid;Klpid;c:\windows\system32\drivers\Klpid.sys [04/08/2005 17:19 31862]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/07/2009 16:06 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/07/2009 20:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/07/2009 20:56 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 10:15 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:06]
2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-03 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/fr/extension-garantie/iconlanding
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Bénédicte\Application Data\Mozilla\Firefox\Profiles\bvfzkeyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 13:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????u?n??|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2396)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2009-07-15 13:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 11:54
ComboFix2.txt 2009-07-15 11:06
ComboFix3.txt 2009-07-15 09:47
ComboFix4.txt 2009-07-15 08:41
Pre-Run: 49 682 575 360 octets libres
Post-Run: 49 673 302 016 octets libres
310 --- E O F --- 2009-07-13 07:45
Hi,
This rootkit crap is really stubborn ... :(
Do you have the Windows CD for a possible repair?
Try this:
Download OAD by !aur3n7
▶ Save it to your Desktop
▶ Double-click OAD.exe to launch it
▶ File name to search for: type or copy/paste: geyekrakuuuvqf
▶ Search type: select option 6, then confirm with [Enter]
OAD will now search for the file. Let it work until it has finished.
The search report will open automatically as soon as it is done.
▶ Copy/paste that report into your next post.
Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.
Then try with this: geyekrakuuuvqf.sys
Paste the reports.
Later
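A triage script of the kind the OAD search above automates, added here as an example; it is not code from OAD, ComboFix or the helper. It parses ComboFix "Files Created" entries in the format shown in the logs in this thread, flags kernel drivers created within a chosen window, and lists files created in the same minute as a given file, which is what the report's "Même date" section looks for on disk. The sample report is assembled from lines taken from this thread's log; the two-day window and the reference time (the log's completion time) are assumptions.

```python
"""Triage helper for ComboFix-style "Files Created" entries.

Added example for this thread; not code from ComboFix or OAD.
Each entry line has the shape:
    <created> . <modified> <size or --------> <attrs> <path>
The sample below is assembled from lines that appear in the thread's log.
"""
import re
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%d %H:%M"
# created . modified size attrs path  (attrs is always 8 flag characters)
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(-+|\d+)\s+(\S{8})\s+(.+)$"
)

# Sample report built from lines in the thread's ComboFix log.
SAMPLE_REPORT = """\
((((( Files Created from 2009-06-15 to 2009-07-15 )))))
.
2009-07-14 18:46 . 2009-07-14 18:46 -------- d-----w- C:\\rsit
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\\windows\\system32\\drivers\\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 16:07 10142 ----a-w- c:\\documents and settings\\All Users\\Application Data\\DVD X Studios\\DVD X Player 4.1 Professional\\DVDXPlayer.dll
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\\windows\\system32\\SystemInfo32.sys
2009-07-14 15:59 . 2009-07-14 15:59 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\DVD X Studios
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\\windows\\system32\\drivers\\aswSP.sys
.
((((( Find3M Report )))))
.
2009-07-01 15:49 . 2006-10-01 08:11 4704 --sha-w- c:\\windows\\system32\\KGyGaAvL.sys
"""

# Assumption: use the log's completion time as "now" for the age window.
LOG_COMPLETION = datetime(2009, 7, 15, 13, 54)


def parse_files_created(report: str) -> list[dict]:
    """Return the entries of the 'Files Created' section as dicts."""
    entries, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("(") and "Files Created" in line:
            in_section = True
            continue
        if line.startswith("(") and in_section:
            break  # the next section header ends 'Files Created'
        m = ENTRY_RE.match(line)
        if in_section and m:
            created, modified, size, attrs, path = m.groups()
            entries.append({
                "created": datetime.strptime(created, TS_FMT),
                "modified": datetime.strptime(modified, TS_FMT),
                "size": None if size.startswith("-") else int(size),
                "attrs": attrs,
                "path": path,
                "is_dir": attrs[0] == "d",  # first flag is 'd' for directories
            })
    return entries


def recent_drivers(entries: list[dict], now: datetime, days: int = 2) -> list[dict]:
    """Kernel drivers (*.sys under system32\\drivers) created within `days` of `now`."""
    cutoff = now - timedelta(days=days)
    return [
        e for e in entries
        if not e["is_dir"]
        and e["path"].lower().endswith(".sys")
        and "\\system32\\drivers\\" in e["path"].lower()
        and e["created"] >= cutoff
    ]


def same_minute_siblings(entries: list[dict], target_path: str) -> list[str]:
    """Other files created in the same minute as `target_path` (the 'same date' idea)."""
    target = next((e for e in entries if e["path"].lower() == target_path.lower()), None)
    if target is None:
        raise ValueError(f"{target_path} not found in the parsed entries")
    return sorted(
        e["path"] for e in entries
        if not e["is_dir"]
        and e["created"] == target["created"]
        and e["path"].lower() != target["path"].lower()
    )


ENTRIES = parse_files_created(SAMPLE_REPORT)

if __name__ == "__main__":
    for drv in recent_drivers(ENTRIES, LOG_COMPLETION):
        print("recent driver:", drv["path"], drv["created"])
        for sib in same_minute_siblings(ENTRIES, drv["path"]):
            print("  created in the same minute:", sib)
```

Drivers whose created and modified timestamps are identical and recent (like geyekrakuuuvqf.sys) are worth a closer look than installer-copied files that keep an older modified time (like aswSP.sys); the same-minute listing is how a dropper's companion files are found without knowing their names.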
15/07/2009 ---- 16:12:30,07
----------------------------------
§§§§§§ [geyekrakuuuvqf] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
No, I don't have a Windows CD :(
15/07/2009 ---- 21:09:23,62
----------------------------------
§§§§§§ [geyekrakuuuvqf.sys] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Hello :)
Uninstall ComboFix:
Start menu => Run
Type combofix /u
OK
ComboFix will reboot and then remove itself.
Then run ComboFix again exactly as described above > http://www.commentcamarche.net/forum/affich 13358466 probleme security system?page=2#27
Later
ComboFix 09-07-14.08 - Bénédicte 16/07/2009 13:26.7.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.391 [GMT 2:00]
Running from: c:\documents and settings\Bénédicte\Bureau\Moi.exe
AV: avast! antivirus 4.8.1335 [VPS 090716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-14 20:17 . 2009-07-14 21:09 -------- d-----w- C:\FindyKill
2009-07-14 19:10 . 2009-07-14 19:56 -------- d-----w- C:\Lop SD
2009-07-14 18:46 . 2009-07-14 21:22 -------- d-----w- c:\program files\trend micro
2009-07-14 18:46 . 2009-07-14 18:46 -------- d-----w- C:\rsit
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 16:07 10142 ----a-w- c:\documents and settings\All Users\Application Data\DVD X Studios\DVD X Player 4.1 Professional\DVDXPlayer.dll
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-14 15:59 . 2009-07-14 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2009-07-14 14:16 . 2009-07-14 14:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-07-13 16:48 . 2009-07-13 14:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-13 14:05 . 2009-07-13 14:05 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-13 14:05 . 2009-07-13 14:05 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-13 14:05 . 2009-07-13 14:05 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-13 13:51 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-13 13:51 . 2009-07-13 13:51 -------- d-----w- c:\program files\Lavasoft
2009-07-13 13:35 . 2009-07-13 13:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-13 13:30 . 2009-07-13 13:30 34543112 ----a-w- c:\program files\Ad-AwareAE.exe
2009-07-13 09:23 . 2009-07-13 09:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-13 07:44 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 07:43 . 2009-07-13 07:45 -------- d-----w- c:\windows\ie8updates
2009-07-13 07:38 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 07:38 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 07:28 . 2009-07-13 07:38 -------- dc-h--w- c:\windows\ie8
2009-07-12 20:15 . 2009-07-12 20:16 8171320 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-12 18:59 . 2009-07-12 19:00 -------- d-----w- c:\program files\MSECACHE
2009-07-12 18:57 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-12 18:57 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-12 18:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-12 18:56 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-12 18:56 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-12 18:56 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-12 18:56 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-12 18:56 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-12 18:04 . 2009-07-12 18:04 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-07-04 07:54 . 2009-07-04 07:54 -------- d-----w- c:\program files\iPod
2009-07-04 07:41 . 2009-07-04 07:44 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-06-27 11:58 . 2009-06-27 12:10 -------- d-----w- c:\program files\Anuman Interactive
2009-06-16 14:54 . 2009-06-16 14:54 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:54 . 2009-06-16 14:54 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 21:07 . 2004-08-17 09:31 76922 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 21:07 . 2004-08-17 09:31 470610 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 20:03 . 2006-12-26 11:30 -------- d-----w- c:\program files\Musicmatch
2009-07-12 19:41 . 2006-12-24 19:12 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
2009-07-12 17:47 . 2006-08-23 16:22 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 14:33 . 2006-04-13 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:28 . 2008-04-18 07:15 -------- d-----w- c:\program files\MRIcro
2009-07-12 14:23 . 2006-04-13 06:33 -------- d-----w- c:\program files\Java
2009-07-12 13:51 . 2006-08-20 12:09 -------- d-----w- c:\program files\Microsoft Games
2009-07-04 07:55 . 2007-08-18 10:36 -------- d-----w- c:\program files\iTunes
2009-07-04 07:54 . 2007-08-18 10:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-04 07:52 . 2007-08-18 10:27 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:49 . 2007-08-18 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-02 07:16 . 2006-08-19 20:17 113561 ----a-w- c:\windows\hpoins07.dat
2009-07-01 15:49 . 2006-10-01 08:11 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-16 14:54 . 2004-08-05 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2004-08-05 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-04-04 09:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-11-22 12:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:27 . 2004-08-05 08:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:04 . 2004-08-05 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:43 . 2004-08-05 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:09 . 2004-08-05 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 14:04 . 2009-04-18 14:04 6025212 ----a-w- c:\program files\FreeVideoToiPhoneConverter.exe
2009-04-18 13:56 . 2009-04-18 13:56 5548636 ----a-w- c:\program files\m-iphone-video-converter-for-win.exe
2009-04-07 06:57 . 2009-04-07 06:56 143875176 ----a-w- c:\program files\OOo_3.0.1_Win32Intel_install_wJRE_fr.exe
2009-03-26 15:31 . 2009-03-26 15:31 3342809 ----a-w- c:\program files\eMule0.49c-Installer.exe
2009-03-26 15:30 . 2009-03-26 15:30 2633070 ----a-w- c:\program files\emule049b.exe
2009-02-13 13:43 . 2009-02-13 13:43 4454099 ----a-w- c:\program files\techlogg.com-toneshop-build21-i386-win32.exe
2008-11-29 08:09 . 2008-11-29 08:09 6904036 ----a-w- c:\program files\nvu-1.0-win32-installer-full.exe
2008-07-13 11:17 . 2008-07-13 11:13 15083520 ----a-w- c:\program files\spybotsd160.exe
2008-07-10 09:18 . 2008-07-10 09:18 874856 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2008-06-22 12:43 . 2008-06-22 12:43 19096706 ----a-w- c:\program files\izispot.exe
2008-06-21 10:51 . 2008-06-21 10:49 7599856 ----a-w- c:\program files\Firefox Setup 3.0.exe
2008-04-18 07:13 . 2008-04-18 07:13 6343320 ----a-w- c:\program files\mrizip.zip
2008-02-11 07:15 . 2008-02-11 07:15 19858624 ----a-w- c:\program files\setupfre.exe
2007-08-21 16:22 . 2007-08-21 16:22 6652812 ----a-w- c:\program files\sld.codec.pack.2.2.exe
2007-08-18 17:41 . 2007-08-18 17:41 18272684 ----a-w- c:\program files\FTB614.exe
2007-07-04 18:46 . 2007-07-04 18:46 22186192 ----a-w- c:\program files\DivXInstaller.exe
2007-07-02 19:38 . 2007-07-02 19:38 370328 ----a-w- c:\program files\jre-6u1-windows-i586-p-iftw.exe
2007-02-15 14:34 . 2008-02-27 20:56 6418 ----a-w- c:\program files\readme.txt
2007-02-15 01:23 . 2008-02-27 20:56 10984 ----a-w- c:\program files\changelog.txt
2006-10-01 08:09 . 2006-10-01 08:09 207529840 ----a-w- c:\program files\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe
2009-06-24 15:27 . 2008-06-22 11:20 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-09-28 17:09 . 2006-10-01 08:11 88 --sh--r- c:\windows\system32\C917B0E5BD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\Bénédicte\Menu Démarrer\Programmes\Démarrage\
desktop(2).ini [2004-8-17 84]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Klpf;Klpf;c:\windows\system32\drivers\Klpf.sys [04/08/2005 17:19 25139]
R0 Klpid;Klpid;c:\windows\system32\drivers\Klpid.sys [04/08/2005 17:19 31862]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/07/2009 16:06 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/07/2009 20:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/07/2009 20:56 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 10:15 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:06]
2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-03 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/fr/extension-garantie/iconlanding
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Bénédicte\Application Data\Mozilla\Firefox\Profiles\bvfzkeyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 13:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(480)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\HPQ\Quick Launch Buttons\CPQINFO.DLL
.
Completion time: 2009-07-16 13:42
ComboFix-quarantined-files.txt 2009-07-16 11:41
Pre-Run: 51 056 316 416 octets libres
Post-Run: 51 090 583 552 octets libres
275 --- E O F --- 2009-07-15 23:15
When is it supposed to ask me to install the recovery console? Because I launch the program and I am not offered to install anything at all; first there is a pop-up asking me whether I want to continue, I click yes and the scan starts =O !
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.391 [GMT 2:00]
Running from: c:\documents and settings\Bénédicte\Bureau\Moi.exe
AV: avast! antivirus 4.8.1335 [VPS 090716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-14 20:17 . 2009-07-14 21:09 -------- d-----w- C:\FindyKill
2009-07-14 19:10 . 2009-07-14 19:56 -------- d-----w- C:\Lop SD
2009-07-14 18:46 . 2009-07-14 21:22 -------- d-----w- c:\program files\trend micro
2009-07-14 18:46 . 2009-07-14 18:46 -------- d-----w- C:\rsit
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 16:07 10142 ----a-w- c:\documents and settings\All Users\Application Data\DVD X Studios\DVD X Player 4.1 Professional\DVDXPlayer.dll
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-14 15:59 . 2009-07-14 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2009-07-14 14:16 . 2009-07-14 14:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-07-13 16:48 . 2009-07-13 14:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-13 14:05 . 2009-07-13 14:05 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-13 14:05 . 2009-07-13 14:05 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-13 14:05 . 2009-07-13 14:05 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-13 13:51 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-13 13:51 . 2009-07-13 13:51 -------- d-----w- c:\program files\Lavasoft
2009-07-13 13:35 . 2009-07-13 13:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-13 13:30 . 2009-07-13 13:30 34543112 ----a-w- c:\program files\Ad-AwareAE.exe
2009-07-13 09:23 . 2009-07-13 09:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-13 07:44 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 07:43 . 2009-07-13 07:45 -------- d-----w- c:\windows\ie8updates
2009-07-13 07:38 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 07:38 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 07:28 . 2009-07-13 07:38 -------- dc-h--w- c:\windows\ie8
2009-07-12 20:15 . 2009-07-12 20:16 8171320 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-12 18:59 . 2009-07-12 19:00 -------- d-----w- c:\program files\MSECACHE
2009-07-12 18:57 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-12 18:57 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-12 18:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-12 18:56 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-12 18:56 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-12 18:56 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-12 18:56 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-12 18:56 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-12 18:04 . 2009-07-12 18:04 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-07-04 07:54 . 2009-07-04 07:54 -------- d-----w- c:\program files\iPod
2009-07-04 07:41 . 2009-07-04 07:44 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-06-27 11:58 . 2009-06-27 12:10 -------- d-----w- c:\program files\Anuman Interactive
2009-06-16 14:54 . 2009-06-16 14:54 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:54 . 2009-06-16 14:54 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 21:07 . 2004-08-17 09:31 76922 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 21:07 . 2004-08-17 09:31 470610 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 20:03 . 2006-12-26 11:30 -------- d-----w- c:\program files\Musicmatch
2009-07-12 19:41 . 2006-12-24 19:12 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
2009-07-12 17:47 . 2006-08-23 16:22 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 14:33 . 2006-04-13 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:28 . 2008-04-18 07:15 -------- d-----w- c:\program files\MRIcro
2009-07-12 14:23 . 2006-04-13 06:33 -------- d-----w- c:\program files\Java
2009-07-12 13:51 . 2006-08-20 12:09 -------- d-----w- c:\program files\Microsoft Games
2009-07-04 07:55 . 2007-08-18 10:36 -------- d-----w- c:\program files\iTunes
2009-07-04 07:54 . 2007-08-18 10:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-04 07:52 . 2007-08-18 10:27 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:49 . 2007-08-18 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-02 07:16 . 2006-08-19 20:17 113561 ----a-w- c:\windows\hpoins07.dat
2009-07-01 15:49 . 2006-10-01 08:11 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-16 14:54 . 2004-08-05 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2004-08-05 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-04-04 09:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-11-22 12:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:27 . 2004-08-05 08:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:04 . 2004-08-05 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:43 . 2004-08-05 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:09 . 2004-08-05 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 14:04 . 2009-04-18 14:04 6025212 ----a-w- c:\program files\FreeVideoToiPhoneConverter.exe
2009-04-18 13:56 . 2009-04-18 13:56 5548636 ----a-w- c:\program files\m-iphone-video-converter-for-win.exe
2009-04-07 06:57 . 2009-04-07 06:56 143875176 ----a-w- c:\program files\OOo_3.0.1_Win32Intel_install_wJRE_fr.exe
2009-03-26 15:31 . 2009-03-26 15:31 3342809 ----a-w- c:\program files\eMule0.49c-Installer.exe
2009-03-26 15:30 . 2009-03-26 15:30 2633070 ----a-w- c:\program files\emule049b.exe
2009-02-13 13:43 . 2009-02-13 13:43 4454099 ----a-w- c:\program files\techlogg.com-toneshop-build21-i386-win32.exe
2008-11-29 08:09 . 2008-11-29 08:09 6904036 ----a-w- c:\program files\nvu-1.0-win32-installer-full.exe
2008-07-13 11:17 . 2008-07-13 11:13 15083520 ----a-w- c:\program files\spybotsd160.exe
2008-07-10 09:18 . 2008-07-10 09:18 874856 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2008-06-22 12:43 . 2008-06-22 12:43 19096706 ----a-w- c:\program files\izispot.exe
2008-06-21 10:51 . 2008-06-21 10:49 7599856 ----a-w- c:\program files\Firefox Setup 3.0.exe
2008-04-18 07:13 . 2008-04-18 07:13 6343320 ----a-w- c:\program files\mrizip.zip
2008-02-11 07:15 . 2008-02-11 07:15 19858624 ----a-w- c:\program files\setupfre.exe
2007-08-21 16:22 . 2007-08-21 16:22 6652812 ----a-w- c:\program files\sld.codec.pack.2.2.exe
2007-08-18 17:41 . 2007-08-18 17:41 18272684 ----a-w- c:\program files\FTB614.exe
2007-07-04 18:46 . 2007-07-04 18:46 22186192 ----a-w- c:\program files\DivXInstaller.exe
2007-07-02 19:38 . 2007-07-02 19:38 370328 ----a-w- c:\program files\jre-6u1-windows-i586-p-iftw.exe
2007-02-15 14:34 . 2008-02-27 20:56 6418 ----a-w- c:\program files\readme.txt
2007-02-15 01:23 . 2008-02-27 20:56 10984 ----a-w- c:\program files\changelog.txt
2006-10-01 08:09 . 2006-10-01 08:09 207529840 ----a-w- c:\program files\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe
2009-06-24 15:27 . 2008-06-22 11:20 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-09-28 17:09 . 2006-10-01 08:11 88 --sh--r- c:\windows\system32\C917B0E5BD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\Bénédicte\Menu Démarrer\Programmes\Démarrage\
desktop(2).ini [2004-8-17 84]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Klpf;Klpf;c:\windows\system32\drivers\Klpf.sys [04/08/2005 17:19 25139]
R0 Klpid;Klpid;c:\windows\system32\drivers\Klpid.sys [04/08/2005 17:19 31862]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/07/2009 16:06 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/07/2009 20:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/07/2009 20:56 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 10:15 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:06]
2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-03 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/fr/extension-garantie/iconlanding
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Bénédicte\Application Data\Mozilla\Firefox\Profiles\bvfzkeyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 13:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(480)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\HPQ\Quick Launch Buttons\CPQINFO.DLL
.
Completion time: 2009-07-16 13:42
ComboFix-quarantined-files.txt 2009-07-16 11:41
Pre-Run: 51 056 316 416 octets libres
Post-Run: 51 090 583 552 octets libres
275 --- E O F --- 2009-07-15 23:15
When is it supposed to ask me to install the recovery console? Because I launch the program and I don't get any offer to install anything; first there is a pop-up asking me if I want to continue, I click yes and the scan starts =O !
Hi,
All of this is strange.
This rootkit is seriously starting to get on my nerves.
Try this; if it doesn't work, we'll use another powerful tool:
Copy the text below:
File::
c:\windows\system32\drivers\geyekrakuuuvqf.sys
c:\windows\system32\C917B0E5BD.sys
Rootkit::
c:\windows\system32\drivers\geyekrakuuuvqf.sys
- Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
- Save this file under the name CFScript.txt
- Now drag the CFScript.txt file onto Combofix.exe like this
This will relaunch Combofix.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
After the reboot, post the contents of the Combofix.txt report
See you
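The helper picked geyekrakuuuvqf.sys out of the ComboFix "Files Created" list by eye. The script below is an added example (not from this thread, not part of ComboFix or any tool named here) that turns that kind of triage into a repeatable check: it parses lines in the layout ComboFix uses for its "Files Created" and "Find3M" sections and flags .sys files that were both written at creation time (created timestamp equals modified timestamp, which an installer-copied vendor driver usually does not show) and carry a random-looking name. The sample lines are copied from the log posted in this thread; the heuristics, thresholds, and function names are my own assumptions, and a hit means "look at this file", not "this is malware".

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the ComboFix log posted in this thread.
# The "Files Created" and "Find3M" sections share this layout:
#   created . modified size attributes path
SAMPLE_LOG = r"""
2009-07-14 18:46 . 2009-07-14 18:46 -------- d-----w- C:\rsit
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-12 18:57 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-01 15:49 . 2006-10-01 08:11 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
STAMP = "%Y-%m-%d %H:%M"
RARE_LETTERS = set("jkqvwxyz")  # assumption: letters uncommon in vendor driver names


def parse_created_section(text):
    """Parse ComboFix file lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Directories show "--------" in the size column.
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "created": datetime.strptime(m["created"], STAMP),
            "modified": datetime.strptime(m["modified"], STAMP),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def looks_random(stem):
    """Heuristic (my assumption, not a ComboFix rule): a name made only of hex digits
    (like C917B0E5BD in this thread) or a long all-lowercase string heavy in rare letters."""
    low = stem.lower()
    if len(low) >= 8 and all(c in "0123456789abcdef" for c in low) and any(c.isdigit() for c in low):
        return True
    return (stem.isalpha() and stem.islower() and len(stem) >= 10
            and sum(c in RARE_LETTERS for c in stem) >= 3)


def triage(entries, min_signals=2):
    """Return {path: [signals]} for .sys files showing at least min_signals suspicious signals."""
    findings = {}
    for e in entries:
        if not e["path"].lower().endswith(".sys"):
            continue
        signals = []
        # A file copied by an installer keeps its old modification time; a file
        # written in place by whatever created it shows created == modified.
        if e["created"] == e["modified"]:
            signals.append("written-at-creation")
        name = e["path"].rsplit("\\", 1)[-1]
        if looks_random(name.rsplit(".", 1)[0]):
            signals.append("random-looking-name")
        if len(signals) >= min_signals:
            findings[e["path"]] = signals
    return findings


if __name__ == "__main__":
    for path, why in triage(parse_created_section(SAMPLE_LOG)).items():
        print(path, "->", ", ".join(why))
```

Run on the sample, only geyekrakuuuvqf.sys reaches two signals; SystemInfo32.sys gets the timestamp signal alone and stays below the default threshold, and the avast! drivers get none because their modification dates predate their creation on this machine. Lowering min_signals to 1 widens the review list; the point of the two-signal default is to keep the list short enough to check each file by hand (publisher, size, what installed it) before anything is deleted.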
ComboFix 09-07-14.08 - Bénédicte 16/07/2009 20:25.8.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.377 [GMT 2:00]
Running from: c:\documents and settings\Bénédicte\Bureau\Moi.exe
Command switches used :: c:\documents and settings\Bénédicte\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\C917B0E5BD.sys"
"c:\windows\system32\drivers\geyekrakuuuvqf.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\C917B0E5BD.sys
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 11:20 . 2009-07-16 11:24 -------- d-s---w- C:\Combofix
2009-07-14 20:17 . 2009-07-14 21:09 -------- d-----w- C:\FindyKill
2009-07-14 19:10 . 2009-07-14 19:56 -------- d-----w- C:\Lop SD
2009-07-14 18:46 . 2009-07-14 21:22 -------- d-----w- c:\program files\trend micro
2009-07-14 18:46 . 2009-07-14 18:46 -------- d-----w- C:\rsit
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 16:07 10142 ----a-w- c:\documents and settings\All Users\Application Data\DVD X Studios\DVD X Player 4.1 Professional\DVDXPlayer.dll
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-14 15:59 . 2009-07-14 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2009-07-14 14:16 . 2009-07-14 14:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-07-13 16:48 . 2009-07-13 14:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-13 14:05 . 2009-07-13 14:05 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-13 14:05 . 2009-07-13 14:05 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-13 14:05 . 2009-07-13 14:05 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-13 13:51 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-13 13:51 . 2009-07-13 13:51 -------- d-----w- c:\program files\Lavasoft
2009-07-13 13:35 . 2009-07-13 13:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-13 13:30 . 2009-07-13 13:30 34543112 ----a-w- c:\program files\Ad-AwareAE.exe
2009-07-13 09:23 . 2009-07-13 09:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-13 07:44 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 07:43 . 2009-07-13 07:45 -------- d-----w- c:\windows\ie8updates
2009-07-13 07:38 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 07:38 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 07:28 . 2009-07-13 07:38 -------- dc-h--w- c:\windows\ie8
2009-07-12 20:15 . 2009-07-12 20:16 8171320 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-12 18:59 . 2009-07-12 19:00 -------- d-----w- c:\program files\MSECACHE
2009-07-12 18:57 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-12 18:57 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-12 18:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-12 18:56 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-12 18:56 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-12 18:56 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-12 18:56 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-12 18:56 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-12 18:04 . 2009-07-12 18:04 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-07-04 07:54 . 2009-07-04 07:54 -------- d-----w- c:\program files\iPod
2009-07-04 07:41 . 2009-07-04 07:44 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-06-27 11:58 . 2009-06-27 12:10 -------- d-----w- c:\program files\Anuman Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 21:07 . 2004-08-17 09:31 76922 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 21:07 . 2004-08-17 09:31 470610 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 20:03 . 2006-12-26 11:30 -------- d-----w- c:\program files\Musicmatch
2009-07-12 19:41 . 2006-12-24 19:12 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
2009-07-12 17:47 . 2006-08-23 16:22 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 14:33 . 2006-04-13 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:28 . 2008-04-18 07:15 -------- d-----w- c:\program files\MRIcro
2009-07-12 14:23 . 2006-04-13 06:33 -------- d-----w- c:\program files\Java
2009-07-12 13:51 . 2006-08-20 12:09 -------- d-----w- c:\program files\Microsoft Games
2009-07-04 07:55 . 2007-08-18 10:36 -------- d-----w- c:\program files\iTunes
2009-07-04 07:54 . 2007-08-18 10:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-04 07:52 . 2007-08-18 10:27 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:49 . 2007-08-18 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-02 07:16 . 2006-08-19 20:17 113561 ----a-w- c:\windows\hpoins07.dat
2009-07-01 15:49 . 2006-10-01 08:11 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-16 14:54 . 2004-08-05 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2004-08-05 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-04-04 09:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-11-22 12:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:27 . 2004-08-05 08:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:04 . 2004-08-05 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:43 . 2004-08-05 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 20:09 . 2004-08-05 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 14:04 . 2009-04-18 14:04 6025212 ----a-w- c:\program files\FreeVideoToiPhoneConverter.exe
2009-04-18 13:56 . 2009-04-18 13:56 5548636 ----a-w- c:\program files\m-iphone-video-converter-for-win.exe
2009-04-07 06:57 . 2009-04-07 06:56 143875176 ----a-w- c:\program files\OOo_3.0.1_Win32Intel_install_wJRE_fr.exe
2009-03-26 15:31 . 2009-03-26 15:31 3342809 ----a-w- c:\program files\eMule0.49c-Installer.exe
2009-03-26 15:30 . 2009-03-26 15:30 2633070 ----a-w- c:\program files\emule049b.exe
2009-02-13 13:43 . 2009-02-13 13:43 4454099 ----a-w- c:\program files\techlogg.com-toneshop-build21-i386-win32.exe
2008-11-29 08:09 . 2008-11-29 08:09 6904036 ----a-w- c:\program files\nvu-1.0-win32-installer-full.exe
2008-07-13 11:17 . 2008-07-13 11:13 15083520 ----a-w- c:\program files\spybotsd160.exe
2008-07-10 09:18 . 2008-07-10 09:18 874856 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2008-06-22 12:43 . 2008-06-22 12:43 19096706 ----a-w- c:\program files\izispot.exe
2008-06-21 10:51 . 2008-06-21 10:49 7599856 ----a-w- c:\program files\Firefox Setup 3.0.exe
2008-04-18 07:13 . 2008-04-18 07:13 6343320 ----a-w- c:\program files\mrizip.zip
2008-02-11 07:15 . 2008-02-11 07:15 19858624 ----a-w- c:\program files\setupfre.exe
2007-08-21 16:22 . 2007-08-21 16:22 6652812 ----a-w- c:\program files\sld.codec.pack.2.2.exe
2007-08-18 17:41 . 2007-08-18 17:41 18272684 ----a-w- c:\program files\FTB614.exe
2007-07-04 18:46 . 2007-07-04 18:46 22186192 ----a-w- c:\program files\DivXInstaller.exe
2007-07-02 19:38 . 2007-07-02 19:38 370328 ----a-w- c:\program files\jre-6u1-windows-i586-p-iftw.exe
2007-02-15 14:34 . 2008-02-27 20:56 6418 ----a-w- c:\program files\readme.txt
2007-02-15 01:23 . 2008-02-27 20:56 10984 ----a-w- c:\program files\changelog.txt
2006-10-01 08:09 . 2006-10-01 08:09 207529840 ----a-w- c:\program files\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe
2009-06-24 15:27 . 2008-06-22 11:20 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-16_11.36.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-16 18:36 . 2009-07-16 18:36 16384 c:\windows\Temp\Perflib_Perfdata_6ac.dat
+ 2009-07-16 18:36 . 2009-07-16 18:36 16384 c:\windows\Temp\Perflib_Perfdata_150.dat
+ 2009-07-13 09:23 . 2009-07-16 18:42 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-13 09:23 . 2009-07-16 11:14 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\B‚n‚dicte\Menu D‚marrer\Programmes\D‚marrage\
desktop(2).ini [2004-8-17 84]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Klpf;Klpf;c:\windows\system32\drivers\Klpf.sys [04/08/2005 17:19 25139]
R0 Klpid;Klpid;c:\windows\system32\drivers\Klpid.sys [04/08/2005 17:19 31862]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/07/2009 16:06 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/07/2009 20:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/07/2009 20:56 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 10:15 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:06]
2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-03 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/fr/extension-garantie/iconlanding
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Bénédicte\Application Data\Mozilla\Firefox\Profiles\bvfzkeyj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 20:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3496)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2009-07-16 20:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 18:50
ComboFix2.txt 2009-07-16 11:42
Pre-Run: 51 076 075 520 octets libres
Post-Run: 51 048 038 400 octets libres
318 --- E O F --- 2009-07-15 23:15
There you go!
Re,
Download Gmer (by Przemyslaw Gmerek)
▶ Unzip gmer, click on the rootkit tab and run the scan; red lines will appear.
* The red lines indicate the presence of a rootkit. Post me the gmer report (click on copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear, post it to me)
++
Re
No red line was found during the scan, and the Copy button disappeared after a while; I'm sorry, I couldn't produce a report.
Re,
This is starting to annoy me... lol :)
Download SysProt (by Swatkat) to your desktop:
> ! Disconnect and close all your applications for the duration of the procedure!
> ! Disable your defences (antivirus, anti-spyware, ...) for the duration of the procedure!
> Double-click SysProt.exe to launch it.
> Click on the "log" tab
> Tick all the boxes in the "Write to log" frame.
> Then click the button at the bottom right [Create Log].
> The scan starts; let the tool work (even if it seems to have crashed ...)
> After a while, a window will appear: leave "Scan all drives" ticked and click [Start].
> Wait again... wait for the end message indicating that the report has been created and click "OK"
===> Close SysProt, and copy/paste the contents of the report (SysProtLog.txt) that was saved to your desktop into your next reply.
++
There you go (sorry for the absence)
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\smss.exe
PID: 680
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe
PID: 760
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe
PID: 788
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\services.exe
PID: 840
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe
PID: 852
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1008
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1108
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1168
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1220
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1332
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1396
Hidden: No
Window Visible: No
Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1632
Hidden: No
Window Visible: No
Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1648
Hidden: No
Window Visible: No
Name: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1708
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe
PID: 360
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 460
Hidden: No
Window Visible: No
Name: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 492
Hidden: No
Window Visible: No
Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 504
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 592
Hidden: No
Window Visible: No
Name: C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PID: 668
Hidden: No
Window Visible: No
Name: C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
PID: 720
Hidden: No
Window Visible: No
Name: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PID: 756
Hidden: No
Window Visible: No
Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 1056
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1488
Hidden: No
Window Visible: No
Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PID: 1768
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 2372
Hidden: No
Window Visible: No
Name: C:\WINDOWS\explorer.exe
PID: 2584
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 2596
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2632
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\alg.exe
PID: 2968
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
PID: 3056
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wscntfy.exe
PID: 3172
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\QuickPlay\QPService.exe
PID: 3792
Hidden: No
Window Visible: No
Name: C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PID: 3908
Hidden: No
Window Visible: No
Name: C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PID: 3964
Hidden: No
Window Visible: No
Name: C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PID: 3984
Hidden: No
Window Visible: No
Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 4044
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 4064
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 4076
Hidden: No
Window Visible: No
Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 1964
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 236
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\HPQ\shared\HPQTOA~1.EXE
PID: 520
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ctfmon.exe
PID: 740
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 272
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 2688
Hidden: No
Window Visible: No
Name: C:\Program Files\OpenOffice.org 3\program\soffice.exe
PID: 3184
Hidden: No
Window Visible: No
Name: C:\Program Files\OpenOffice.org 3\program\soffice.bin
PID: 3248
Hidden: No
Window Visible: No
Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 2068
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 3216
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wuauclt.exe
PID: 216
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PID: 1532
Hidden: No
Window Visible: No
Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2160
Hidden: No
Window Visible: No
Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2472
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Live\Toolbar\wltuser.exe
PID: 2796
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\Bénédicte\Bureau\SysProt.exe
PID: 2748
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Bénédicte\Bureau\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B8248000
Module End: B8253000
Hidden: No
Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CF280
Hidden: No
Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806D0000
Module End: 806F0280
Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7A52000
Module End: F7A54000
Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7962000
Module End: F7965000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7422000
Module End: F7451000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7A54000
Module End: F7A56000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7411000
Module End: F7422000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7552000
Module End: F755B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F7562000
Module End: F7571000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F7572000
Module End: F757F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F7966000
Module End: F7969000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F796A000
Module End: F796E000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7B1A000
Module End: F7B1B000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F77D2000
Module End: F77D9000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F7A56000
Module End: F7A58000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: F7A58000
Module End: F7A5A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\aliide.sys
Service Name: AliIde
Module Base: F7A5A000
Module End: F7A5C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys
Service Name: Pcmcia
Module Base: F73F3000
Module End: F7411000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7582000
Module End: F758D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F73D4000
Module End: F73F3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F796E000
Module End: F7971000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F7B1B000
Module End: F7B1C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F77DA000
Module End: F77DF000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F7592000
Module End: F75A0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F73BC000
Module End: F73D4000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F75A2000
Module End: F75AB000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F75B2000
Module End: F75BF000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F739C000
Module End: F73BC000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F738A000
Module End: F739C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: F75C2000
Module End: F75D1000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F77E2000
Module End: F77E7000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7373000
Module End: F738A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F7360000
Module End: F7373000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F72D3000
Module End: F7360000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F72A6000
Module End: F72D3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\serial.sys
Service Name: Serial
Module Base: F7295000
Module End: F72A6000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F727A000
Module End: F7295000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Klpid.sys
Service Name: Klpid
Module Base: F77EA000
Module End: F77F2000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Klpf.sys
Service Name: Klpf
Module Base: F77F2000
Module End: F77F9000
Hidden: No
Module Name: \WINDOWS\System32\drivers\TDI.SYS
Service Name: ---
Module Base: F77FA000
Module End: F77FF000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: F7732000
Module End: F7742000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: F7A2A000
Module End: F7A2D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: F6D5F000
Module End: F6EC0000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F6D4B000
Module End: F6D5F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F78E2000
Module End: F78E7000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6D28000
Module End: F6D4B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F78EA000
Module End: F78F1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7742000
Module End: F774D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7752000
Module End: F775F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7762000
Module End: F7771000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F6D05000
Module End: F6D28000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F7772000
Module End: F777C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7782000
Module End: F7790000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F78F2000
Module End: F78F9000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F7A32000
Module End: F7A36000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
Service Name: BCM43XX
Module Base: F6C9D000
Module End: F6D05000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Service Name: RTL8023xp
Module Base: F6C89000
Module End: F6C9D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\camc6hal.sys
Service Name: CAMCHALA
Module Base: F6C33000
Module End: F6C89000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\camc6aud.sys
Service Name: CAMCAUD
Module Base: F7792000
Module End: F779C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F6C0F000
Module End: F6C33000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F77A2000
Module End: F77B1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
Service Name: HSFHWATI
Module Base: F6BD6000
Module End: F6C0F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: F6AD9000
Module End: F6BD6000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: F6A29000
Module End: F6AD9000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F78FA000
Module End: F7902000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7B9E000
Module End: F7B9F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F77B2000
Module End: F77BF000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7A36000
Module End: F7A39000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F6A12000
Module End: F6A29000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F77C2000
Module End: F77CD000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F75E2000
Module End: F75EE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F6A01000
Module End: F6A12000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F75F2000
Module End: F75FB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F790A000
Module End: F790F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7912000
Module End: F7917000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F7602000
Module End: F760C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F791A000
Module End: F7920000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7A72000
Module End: F7A74000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F692D000
Module End: F6961000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7A46000
Module End: F7A4A000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7612000
Module End: F761C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7642000
Module End: F7651000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7A76000
Module End: F7A78000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A7A000
Module End: F7A7C000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7C0A000
Module End: F7C0B000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A7C000
Module End: F7A7E000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F792A000
Module End: F7930000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7A7E000
Module End: F7A80000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A80000
Module End: F7A82000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F7932000
Module End: F7937000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F793A000
Module End: F7942000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F79F6000
Module End: F79F9000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EE87D000
Module End: EE890000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EE825000
Module End: EE87D000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: F7652000
Module End: F765D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EE7FD000
Module End: EE825000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EE7DB000
Module End: EE7FD000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7662000
Module End: F766B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EE7B0000
Module End: EE7DB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EE741000
Module End: EE7B0000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\klif.sys
Service Name: Klif
Module Base: EE716000
Module End: EE741000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7682000
Module End: F768B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EE6CD000
Module End: EE6EE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7692000
Module End: F769B000
Hidden: No
Module Name: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: EE5CB000
Module End: EE62D000
Hidden: No
Module Name: \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
Service Name: eabfiltr
Module Base: F7A82000
Module End: F7A84000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: EE5AA000
Module End: EE5CB000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Service Name: Aavmker4
Module Base: F794A000
Module End: F794F000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: EE587000
Module End: EE5AA000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F7722000
Module End: F7732000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE56F000
Module End: EE587000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7AAC000
Module End: F7AAE000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F7245000
Module End: F7248000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F784A000
Module End: F784F000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7C23000
Module End: F7C24000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Service Name: aswFsBlk
Module Base: F783A000
Module End: F7842000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Service Name: fssfltr
Module Base: F76A2000
Module End: F76AE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B8DD0000
Module End: B8DD4000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Service Name: aswMon2
Module Base: B8C6A000
Module End: B8C80000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B89E6000
Module End: B8A12000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B897D000
Module End: B89BE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
Service Name: Ip6Fw
Module Base: F7902000
Module End: F790A000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Service Name: ---
Module Base: B891D000
Module End: B8955000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B88CB000
Module End: B891D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: B8B4E000
Module End: B8B51000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: B8C32000
Module End: B8C3C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B847E000
Module End: B8493000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B8513000
Module End: B8522000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: B84C7000
Module End: B84CB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: B8220000
Module End: B8223000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: B8543000
Module End: B854C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F78D2000
Module End: F78D9000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: B810C000
Module End: B810F000
Hidden: No
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: PC821326320297:27015
Remote Address: LOCALHOST:1041
Type: TCP
Process: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED
Local Address: PC821326320297:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING
Local Address: PC821326320297:12080
Remote Address: LOCALHOST:1534
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PC821326320297:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING
Local Address: PC821326320297:5152
Remote Address: LOCALHOST:1537
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT
Local Address: PC821326320297:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING
Local Address: PC821326320297:1537
Remote Address: LOCALHOST:5152
Type: TCP
Process: 2252 (PID)
State: FIN_WAIT2
Local Address: PC821326320297:WINS
Remote Address: LOCALHOST:12080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PC821326320297:1487
Remote Address: LOCALHOST:5152
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PC821326320297:1041
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED
Local Address: PC821326320297:1028
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: 81.56.105.66:1489
Remote Address: 209.85.227.113:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: 81.56.105.66:1484
Remote Address: 209.85.227.104:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: 81.56.105.66:1482
Remote Address: 74.125.77.104:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PC821326320297:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: PC821326320297:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: PC821326320297:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: PC821326320297:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: PC821326320297:1567
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: PC821326320297:1480
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA
Local Address: PC821326320297:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: PC821326320297:61844
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: PC821326320297:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: PC821326320297:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: PC821326320297:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: PC821326320297:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Bénédicte\Application Data\BitTorrent\Jacques Brel Inte´grale - La Boi^te A` Bonbons.torrent
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\nagarathinamcitra87@hotmail.com\DFSR\Staging\CS{4D8E2890-4E51-C486-F63F-AF82890AB325}\01\17-{4D8E2890-4E51-C486-F63F-AF82890AB
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\nagarathinamcitra87@hotmail.com\DFSR\Staging\CS{4D8E2890-4E51-C486-F63F-AF82890AB325}\18\15-{A3AD3FB9-9227-4702-8956-DAC2E8987
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\01\288-{80209185-E997-EFAD-C508-6C016AC76BA8}-v1-{A
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\57\290-{5176EDED-5965-4416-905A-F7E801B0773F}-v1557
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\58\292-{5176EDED-5965-4416-905A-F7E801B0773F}-v1558
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\59\294-{5176EDED-5965-4416-905A-F7E801B0773F}-v1559
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\60\296-{5176EDED-5965-4416-905A-F7E801B0773F}-v1560
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\61\298-{5176EDED-5965-4416-905A-F7E801B0773F}-v1561
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\62\300-{5176EDED-5965-4416-905A-F7E801B0773F}-v1562
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\63\302-{5176EDED-5965-4416-905A-F7E801B0773F}-v1563
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\64\304-{5176EDED-5965-4416-905A-F7E801B0773F}-v1564
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\65\306-{5176EDED-5965-4416-905A-F7E801B0773F}-v1565
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\66\308-{5176EDED-5965-4416-905A-F7E801B0773F}-v1566
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\67\310-{5176EDED-5965-4416-905A-F7E801B0773F}-v1567
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\68\312-{5176EDED-5965-4416-905A-F7E801B0773F}-v1568
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\69\314-{5176EDED-5965-4416-905A-F7E801B0773F}-v1569
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\70\316-{5176EDED-5965-4416-905A-F7E801B0773F}-v1570
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\71\318-{5176EDED-5965-4416-905A-F7E801B0773F}-v1571
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\72\320-{5176EDED-5965-4416-905A-F7E801B0773F}-v1572
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\73\322-{5176EDED-5965-4416-905A-F7E801B0773F}-v1573
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\74\324-{5176EDED-5965-4416-905A-F7E801B0773F}-v1574
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\75\326-{5176EDED-5965-4416-905A-F7E801B0773F}-v1575
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\76\328-{5176EDED-5965-4416-905A-F7E801B0773F}-v1576
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\77\330-{5176EDED-5965-4416-905A-F7E801B0773F}-v1577
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\78\332-{5176EDED-5965-4416-905A-F7E801B0773F}-v1578
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\79\334-{5176EDED-5965-4416-905A-F7E801B0773F}-v1579
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\80\336-{5176EDED-5965-4416-905A-F7E801B0773F}-v1580
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\81\338-{5176EDED-5965-4416-905A-F7E801B0773F}-v1581
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\82\340-{5176EDED-5965-4416-905A-F7E801B0773F}-v1582
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\83\342-{5176EDED-5965-4416-905A-F7E801B0773F}-v1583
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\84\344-{5176EDED-5965-4416-905A-F7E801B0773F}-v1584
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\85\346-{5176EDED-5965-4416-905A-F7E801B0773F}-v1585
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Mes documents\Ma musique\Jacques Brel Intégrale - La Boîte À Bonbons
Status: Hidden
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\smss.exe
PID: 680
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe
PID: 760
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe
PID: 788
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\services.exe
PID: 840
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe
PID: 852
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1008
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1108
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1168
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1220
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1332
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1396
Hidden: No
Window Visible: No
Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1632
Hidden: No
Window Visible: No
Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1648
Hidden: No
Window Visible: No
Name: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1708
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe
PID: 360
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 460
Hidden: No
Window Visible: No
Name: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 492
Hidden: No
Window Visible: No
Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 504
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 592
Hidden: No
Window Visible: No
Name: C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PID: 668
Hidden: No
Window Visible: No
Name: C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
PID: 720
Hidden: No
Window Visible: No
Name: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PID: 756
Hidden: No
Window Visible: No
Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 1056
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1488
Hidden: No
Window Visible: No
Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PID: 1768
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 2372
Hidden: No
Window Visible: No
Name: C:\WINDOWS\explorer.exe
PID: 2584
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 2596
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2632
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\alg.exe
PID: 2968
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
PID: 3056
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wscntfy.exe
PID: 3172
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\QuickPlay\QPService.exe
PID: 3792
Hidden: No
Window Visible: No
Name: C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PID: 3908
Hidden: No
Window Visible: No
Name: C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PID: 3964
Hidden: No
Window Visible: No
Name: C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PID: 3984
Hidden: No
Window Visible: No
Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 4044
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 4064
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
PID: 4076
Hidden: No
Window Visible: No
Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 1964
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 236
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\HPQ\shared\HPQTOA~1.EXE
PID: 520
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ctfmon.exe
PID: 740
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 272
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 2688
Hidden: No
Window Visible: No
Name: C:\Program Files\OpenOffice.org 3\program\soffice.exe
PID: 3184
Hidden: No
Window Visible: No
Name: C:\Program Files\OpenOffice.org 3\program\soffice.bin
PID: 3248
Hidden: No
Window Visible: No
Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 2068
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 3216
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wuauclt.exe
PID: 216
Hidden: No
Window Visible: No
Name: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PID: 1532
Hidden: No
Window Visible: No
Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2160
Hidden: No
Window Visible: No
Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 2472
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Live\Toolbar\wltuser.exe
PID: 2796
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\Bénédicte\Bureau\SysProt.exe
PID: 2748
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Bénédicte\Bureau\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B8248000
Module End: B8253000
Hidden: No
Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CF280
Hidden: No
Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806D0000
Module End: 806F0280
Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7A52000
Module End: F7A54000
Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7962000
Module End: F7965000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7422000
Module End: F7451000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7A54000
Module End: F7A56000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7411000
Module End: F7422000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7552000
Module End: F755B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F7562000
Module End: F7571000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F7572000
Module End: F757F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F7966000
Module End: F7969000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F796A000
Module End: F796E000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7B1A000
Module End: F7B1B000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F77D2000
Module End: F77D9000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F7A56000
Module End: F7A58000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: F7A58000
Module End: F7A5A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\aliide.sys
Service Name: AliIde
Module Base: F7A5A000
Module End: F7A5C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys
Service Name: Pcmcia
Module Base: F73F3000
Module End: F7411000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F7582000
Module End: F758D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F73D4000
Module End: F73F3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F796E000
Module End: F7971000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F7B1B000
Module End: F7B1C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F77DA000
Module End: F77DF000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F7592000
Module End: F75A0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F73BC000
Module End: F73D4000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F75A2000
Module End: F75AB000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F75B2000
Module End: F75BF000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F739C000
Module End: F73BC000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F738A000
Module End: F739C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: F75C2000
Module End: F75D1000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F77E2000
Module End: F77E7000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7373000
Module End: F738A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F7360000
Module End: F7373000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F72D3000
Module End: F7360000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F72A6000
Module End: F72D3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\serial.sys
Service Name: Serial
Module Base: F7295000
Module End: F72A6000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F727A000
Module End: F7295000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Klpid.sys
Service Name: Klpid
Module Base: F77EA000
Module End: F77F2000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Klpf.sys
Service Name: Klpf
Module Base: F77F2000
Module End: F77F9000
Hidden: No
Module Name: \WINDOWS\System32\drivers\TDI.SYS
Service Name: ---
Module Base: F77FA000
Module End: F77FF000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: F7732000
Module End: F7742000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: F7A2A000
Module End: F7A2D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: F6D5F000
Module End: F6EC0000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F6D4B000
Module End: F6D5F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: F78E2000
Module End: F78E7000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6D28000
Module End: F6D4B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F78EA000
Module End: F78F1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7742000
Module End: F774D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F7752000
Module End: F775F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F7762000
Module End: F7771000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F6D05000
Module End: F6D28000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F7772000
Module End: F777C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7782000
Module End: F7790000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F78F2000
Module End: F78F9000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F7A32000
Module End: F7A36000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
Service Name: BCM43XX
Module Base: F6C9D000
Module End: F6D05000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Service Name: RTL8023xp
Module Base: F6C89000
Module End: F6C9D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\camc6hal.sys
Service Name: CAMCHALA
Module Base: F6C33000
Module End: F6C89000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\camc6aud.sys
Service Name: CAMCAUD
Module Base: F7792000
Module End: F779C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F6C0F000
Module End: F6C33000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F77A2000
Module End: F77B1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
Service Name: HSFHWATI
Module Base: F6BD6000
Module End: F6C0F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: F6AD9000
Module End: F6BD6000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: F6A29000
Module End: F6AD9000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F78FA000
Module End: F7902000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7B9E000
Module End: F7B9F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F77B2000
Module End: F77BF000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7A36000
Module End: F7A39000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F6A12000
Module End: F6A29000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F77C2000
Module End: F77CD000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F75E2000
Module End: F75EE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F6A01000
Module End: F6A12000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F75F2000
Module End: F75FB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F790A000
Module End: F790F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7912000
Module End: F7917000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F7602000
Module End: F760C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F791A000
Module End: F7920000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7A72000
Module End: F7A74000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F692D000
Module End: F6961000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7A46000
Module End: F7A4A000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7612000
Module End: F761C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7642000
Module End: F7651000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7A76000
Module End: F7A78000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7A7A000
Module End: F7A7C000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7C0A000
Module End: F7C0B000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7A7C000
Module End: F7A7E000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F792A000
Module End: F7930000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7A7E000
Module End: F7A80000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7A80000
Module End: F7A82000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F7932000
Module End: F7937000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F793A000
Module End: F7942000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F79F6000
Module End: F79F9000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EE87D000
Module End: EE890000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EE825000
Module End: EE87D000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: F7652000
Module End: F765D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EE7FD000
Module End: EE825000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EE7DB000
Module End: EE7FD000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7662000
Module End: F766B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EE7B0000
Module End: EE7DB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EE741000
Module End: EE7B0000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\klif.sys
Service Name: Klif
Module Base: EE716000
Module End: EE741000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7682000
Module End: F768B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EE6CD000
Module End: EE6EE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7692000
Module End: F769B000
Hidden: No
Module Name: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: EE5CB000
Module End: EE62D000
Hidden: No
Module Name: \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
Service Name: eabfiltr
Module Base: F7A82000
Module End: F7A84000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: EE5AA000
Module End: EE5CB000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Service Name: Aavmker4
Module Base: F794A000
Module End: F794F000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: EE587000
Module End: EE5AA000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F7722000
Module End: F7732000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EE56F000
Module End: EE587000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7AAC000
Module End: F7AAE000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F7245000
Module End: F7248000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F784A000
Module End: F784F000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7C23000
Module End: F7C24000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Service Name: aswFsBlk
Module Base: F783A000
Module End: F7842000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Service Name: fssfltr
Module Base: F76A2000
Module End: F76AE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B8DD0000
Module End: B8DD4000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Service Name: aswMon2
Module Base: B8C6A000
Module End: B8C80000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B89E6000
Module End: B8A12000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B897D000
Module End: B89BE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
Service Name: Ip6Fw
Module Base: F7902000
Module End: F790A000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Service Name: ---
Module Base: B891D000
Module End: B8955000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B88CB000
Module End: B891D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: B8B4E000
Module End: B8B51000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: B8C32000
Module End: B8C3C000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B847E000
Module End: B8493000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B8513000
Module End: B8522000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: B84C7000
Module End: B84CB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: B8220000
Module End: B8223000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: B8543000
Module End: B854C000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F78D2000
Module End: F78D9000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: B810C000
Module End: B810F000
Hidden: No
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: PC821326320297:27015
Remote Address: LOCALHOST:1041
Type: TCP
Process: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED
Local Address: PC821326320297:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING
Local Address: PC821326320297:12080
Remote Address: LOCALHOST:1534
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PC821326320297:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING
Local Address: PC821326320297:5152
Remote Address: LOCALHOST:1537
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT
Local Address: PC821326320297:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING
Local Address: PC821326320297:1537
Remote Address: LOCALHOST:5152
Type: TCP
Process: 2252 (PID)
State: FIN_WAIT2
Local Address: PC821326320297:WINS
Remote Address: LOCALHOST:12080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PC821326320297:1487
Remote Address: LOCALHOST:5152
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PC821326320297:1041
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED
Local Address: PC821326320297:1028
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: 81.56.105.66:1489
Remote Address: 209.85.227.113:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: 81.56.105.66:1484
Remote Address: 209.85.227.104:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: 81.56.105.66:1482
Remote Address: 74.125.77.104:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PC821326320297:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: PC821326320297:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: PC821326320297:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: PC821326320297:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: PC821326320297:1567
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: PC821326320297:1480
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA
Local Address: PC821326320297:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: PC821326320297:61844
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: PC821326320297:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: PC821326320297:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: PC821326320297:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: PC821326320297:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Bénédicte\Application Data\BitTorrent\Jacques Brel Inte´grale - La Boi^te A` Bonbons.torrent
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\nagarathinamcitra87@hotmail.com\DFSR\Staging\CS{4D8E2890-4E51-C486-F63F-AF82890AB325}\01\17-{4D8E2890-4E51-C486-F63F-AF82890AB
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\nagarathinamcitra87@hotmail.com\DFSR\Staging\CS{4D8E2890-4E51-C486-F63F-AF82890AB325}\18\15-{A3AD3FB9-9227-4702-8956-DAC2E8987
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\01\288-{80209185-E997-EFAD-C508-6C016AC76BA8}-v1-{A
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\57\290-{5176EDED-5965-4416-905A-F7E801B0773F}-v1557
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\58\292-{5176EDED-5965-4416-905A-F7E801B0773F}-v1558
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\59\294-{5176EDED-5965-4416-905A-F7E801B0773F}-v1559
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\60\296-{5176EDED-5965-4416-905A-F7E801B0773F}-v1560
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\61\298-{5176EDED-5965-4416-905A-F7E801B0773F}-v1561
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\62\300-{5176EDED-5965-4416-905A-F7E801B0773F}-v1562
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\63\302-{5176EDED-5965-4416-905A-F7E801B0773F}-v1563
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\64\304-{5176EDED-5965-4416-905A-F7E801B0773F}-v1564
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\65\306-{5176EDED-5965-4416-905A-F7E801B0773F}-v1565
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\66\308-{5176EDED-5965-4416-905A-F7E801B0773F}-v1566
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\67\310-{5176EDED-5965-4416-905A-F7E801B0773F}-v1567
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\68\312-{5176EDED-5965-4416-905A-F7E801B0773F}-v1568
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\69\314-{5176EDED-5965-4416-905A-F7E801B0773F}-v1569
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\70\316-{5176EDED-5965-4416-905A-F7E801B0773F}-v1570
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\71\318-{5176EDED-5965-4416-905A-F7E801B0773F}-v1571
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\72\320-{5176EDED-5965-4416-905A-F7E801B0773F}-v1572
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\73\322-{5176EDED-5965-4416-905A-F7E801B0773F}-v1573
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\74\324-{5176EDED-5965-4416-905A-F7E801B0773F}-v1574
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\75\326-{5176EDED-5965-4416-905A-F7E801B0773F}-v1575
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\76\328-{5176EDED-5965-4416-905A-F7E801B0773F}-v1576
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\77\330-{5176EDED-5965-4416-905A-F7E801B0773F}-v1577
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\78\332-{5176EDED-5965-4416-905A-F7E801B0773F}-v1578
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\79\334-{5176EDED-5965-4416-905A-F7E801B0773F}-v1579
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\80\336-{5176EDED-5965-4416-905A-F7E801B0773F}-v1580
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\81\338-{5176EDED-5965-4416-905A-F7E801B0773F}-v1581
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\82\340-{5176EDED-5965-4416-905A-F7E801B0773F}-v1582
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\83\342-{5176EDED-5965-4416-905A-F7E801B0773F}-v1583
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\84\344-{5176EDED-5965-4416-905A-F7E801B0773F}-v1584
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\85\346-{5176EDED-5965-4416-905A-F7E801B0773F}-v1585
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\86\348-{5176EDED-5965-4416-905A-F7E801B0773F}-v1586
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\87\350-{5176EDED-5965-4416-905A-F7E801B0773F}-v1587
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\88\352-{5176EDED-5965-4416-905A-F7E801B0773F}-v1588
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\89\354-{5176EDED-5965-4416-905A-F7E801B0773F}-v1589
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\90\356-{5176EDED-5965-4416-905A-F7E801B0773F}-v1590
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\91\358-{5176EDED-5965-4416-905A-F7E801B0773F}-v1591
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\poockie2@hotmail.com\DFSR\Staging\CS{80209185-E997-EFAD-C508-6C016AC76BA8}\92\360-{5176EDED-5965-4416-905A-F7E801B0773F}-v1592
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\00\1339-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\01\1340-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\01\397-{DFC80401-9441-DCE5-6159-6612E099B5DB}
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\02\1341-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\03\1342-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\04\1343-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\05\1344-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\06\1345-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\07\1346-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\08\1347-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\09\1348-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\10\471-{A3AD3FB9-9227-4702-8956-DAC2E8987203}
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\11\1349-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\12\1350-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\13\1351-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\14\1352-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\15\1353-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\16\1354-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\17\1355-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\18\1356-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\19\1357-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\20\1358-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\21\1359-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\22\1360-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\23\1361-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\24\1362-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\25\1363-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\26\1364-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\27\1365-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\28\1366-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\29\1367-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\30\1368-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\31\1369-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\32\1370-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\33\470-{A3AD3FB9-9227-4702-8956-DAC2E8987203}
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\98\472-{A3AD3FB9-9227-4702-8956-DAC2E8987203}
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\reda_boukakiou@hotmail.com\DFSR\Staging\CS{DFC80401-9441-DCE5-6159-6612E099B5DB}\99\1338-{A3AD3FB9-9227-4702-8956-DAC2E8987203
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\volttt@msn.com\DFSR\Staging\CS{C773EFF5-CC74-C4BF-F398-C9068F4A01DC}\01\10-{C773EFF5-CC74-C4BF-F398-C9068F4A01DC}-v1-{A3AD3FB9
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\volttt@msn.com\DFSR\Staging\CS{C773EFF5-CC74-C4BF-F398-C9068F4A01DC}\22\257-{578E4D18-8FE1-4837-83FC-D111BD9DD520}-v22-{A3AD3F
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\volttt@msn.com\DFSR\Staging\CS{C773EFF5-CC74-C4BF-F398-C9068F4A01DC}\30\2030-{A3AD3FB9-9227-4702-8956-DAC2E8987203}-v2030-{A3A
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\youngking88@hotmail.com\DFSR\Staging\CS{AC9E1094-24D7-0EF6-A063-036713DD5124}\01\15-{AC9E1094-24D7-0EF6-A063-036713DD5124}-v1-
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\youngking88@hotmail.com\DFSR\Staging\CS{AC9E1094-24D7-0EF6-A063-036713DD5124}\16\2021-{A3AD3FB9-9227-4702-8956-DAC2E8987203}-v
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Local Settings\Application Data\Microsoft\Messenger\benedictemay@hotmail.com\SharingMetadata\youngking88@hotmail.com\DFSR\Staging\CS{AC9E1094-24D7-0EF6-A063-036713DD5124}\28\2022-{A3AD3FB9-9227-4702-8956-DAC2E8987203}-v
Status: Hidden
Object: C:\Documents and Settings\Bénédicte\Mes documents\Ma musique\Jacques Brel Inte´grale - La Boi^te A` Bonbons
Status: Hidden
Well ...
Try this
/!\ Warning /!\
|=> Script written specifically for this computer; using it on any other machine could severely damage your system <=|
▶ Copy the text below:
File::
c:\windows\system32\drivers\geyekrakuuuvqf.sys
C:\Windows\system32\geyekr*.dll
C:\Windows\system32\drivers\geyekr*.dll
C:\Windows\system32\drivers\geyekr*.sys
C:\Windows\System32\geyekr*.dat
C:\Windows\temp\geyekr*.tmp
Driver::
geyekr*.sys
geyekrakuuuvqf
geyekr.sys
Rootkit::
c:\windows\system32\drivers\geyekrakuuuvqf.sys
C:\Windows\system32\drivers\geyekr*.dll
C:\Windows\system32\drivers\geyekr*.sys
C:\Windows\system32\geyekr*.dll
C:\Windows\System32\geyekr*.dat
C:\Windows\temp\geyekr*.tmp
▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file as CFScript.txt on your desktop.
Restart in Safe Mode
▶ Now drag the CFScript.txt file onto Combofix.exe, like this
=> This will relaunch Combofix,
▶ A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
▶ Wait while the scan runs. The desktop will disappear several times: that's normal!
/!\ Don't touch anything until the scan has finished.
▶ After the reboot, post the contents of the Combofix.txt report
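As an added illustration (not part of the thread, and not ComboFix's own tooling): a small Python dry-run that parses the "Name::" section layout used by the CFScript above and matches its File:: and Rootkit:: entries against a constructed list of paths, so a helper can see which files a script would act on, and which entries match nothing, before the script is run on the machine. The inventory of paths is constructed for the example, and the matching rules (case-insensitive Windows paths, "*" handled as in fnmatch) are an assumption; ComboFix's actual matching behaviour is not documented on this page.

```python
"""Dry-run parser for a ComboFix-style CFScript (added example, not ComboFix code).

The script format seen in the thread is a series of sections, each opened by a
`Name::` header and followed by one entry per line.  This tool reads that layout,
then matches the File:: and Rootkit:: entries against a constructed inventory of
paths so the reviewer can see what would be touched before anything is run.
"""
import fnmatch
import re
from collections import OrderedDict

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# Constructed CFScript text mirroring the structure of the script in the thread.
CFSCRIPT = """\
File::
c:\\windows\\system32\\drivers\\geyekrakuuuvqf.sys
C:\\Windows\\system32\\geyekr*.dll
C:\\Windows\\temp\\geyekr*.tmp
Driver::
geyekr*.sys
geyekrakuuuvqf
Rootkit::
c:\\windows\\system32\\drivers\\geyekrakuuuvqf.sys
C:\\Windows\\system32\\geyekr*.dll
"""

# Constructed file inventory standing in for a directory listing of the machine.
# Note: there is deliberately no geyekr*.tmp file, so that pattern stays unmatched.
INVENTORY = [
    r"C:\WINDOWS\system32\drivers\geyekrakuuuvqf.sys",
    r"C:\WINDOWS\system32\geyekrabcd.dll",
    r"C:\WINDOWS\system32\drivers\mouhid.sys",
    r"C:\WINDOWS\system32\geyekr.dat",
]


def parse_cfscript(text):
    """Return an ordered dict {section: [entries]} from CFScript text.

    Blank lines are skipped.  A line that appears before any `Name::` header
    raises ValueError so a mis-pasted script is caught instead of silently ignored.
    """
    sections = OrderedDict()
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("line %d is outside any section: %r" % (lineno, line))
        sections[current].append(line)
    return sections


def _norm(path):
    # Windows paths compare case-insensitively; normalise separators as well.
    return path.replace("/", "\\").lower()


def match_paths(patterns, inventory):
    """Map each path pattern to the inventory entries it matches (assumed glob rules)."""
    hits = OrderedDict()
    for pat in patterns:
        hits[pat] = [p for p in inventory if fnmatch.fnmatchcase(_norm(p), _norm(pat))]
    return hits


def dry_run(text, inventory):
    """Build a report: per-section matches, the Driver:: names, and unmatched entries."""
    sections = parse_cfscript(text)
    report = {"unmatched": []}
    for name in ("File", "Rootkit"):
        report[name] = match_paths(sections.get(name, []), inventory)
        for pat, found in report[name].items():
            if not found:
                report["unmatched"].append((name, pat))
    # Driver:: entries are service names, not paths, so they are listed as-is.
    report["Driver"] = list(sections.get("Driver", []))
    return report


if __name__ == "__main__":
    result = dry_run(CFSCRIPT, INVENTORY)
    for section in ("File", "Rootkit"):
        for pat, found in result[section].items():
            print("%s:: %s -> %s" % (section, pat, found or "NO MATCH"))
    print("Driver:: %s" % result["Driver"])
    print("unmatched: %s" % result["unmatched"])
```

Run as a script it prints one line per pattern; the unmatched list is the part worth reading first, since an entry that matches nothing usually means a typo in the path or a file that has already been removed.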
ComboFix 09-07-14.08 - Administrateur 22/07/2009 23:21.9.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.702 [GMT 2:00]
Running from: c:\documents and settings\Bénédicte\Bureau\Moi.exe
Command switches used :: c:\documents and settings\Bénédicte\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090722-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Anti-Hacker *disabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\drivers\geyekrakuuuvqf.sys"
.
((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-22 21:16 . 2009-07-22 21:16 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
2009-07-22 21:15 . 2009-07-22 21:15 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-07-22 21:13 . 2006-04-13 07:20 42128 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-22 21:13 . 2006-04-13 06:29 135 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat
2009-07-18 10:35 . 2009-07-18 10:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-16 11:20 . 2009-07-16 11:24 -------- d-s---w- C:\Combofix
2009-07-14 20:17 . 2009-07-14 21:09 -------- d-----w- C:\FindyKill
2009-07-14 19:10 . 2009-07-14 19:56 -------- d-----w- C:\Lop SD
2009-07-14 18:46 . 2009-07-14 21:22 -------- d-----w- c:\program files\trend micro
2009-07-14 18:46 . 2009-07-14 18:46 -------- d-----w- C:\rsit
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 16:07 10142 ----a-w- c:\documents and settings\All Users\Application Data\DVD X Studios\DVD X Player 4.1 Professional\DVDXPlayer.dll
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-14 15:59 . 2009-07-14 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD X Studios
2009-07-14 14:16 . 2009-07-14 14:19 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-07-13 16:48 . 2009-07-13 14:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-13 14:05 . 2009-07-13 14:05 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-13 14:05 . 2009-07-13 14:05 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-13 14:05 . 2009-07-13 14:05 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-13 13:51 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-13 13:51 . 2009-07-13 13:51 -------- d-----w- c:\program files\Lavasoft
2009-07-13 13:35 . 2009-07-13 13:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-13 13:30 . 2009-07-13 13:30 34543112 ----a-w- c:\program files\Ad-AwareAE.exe
2009-07-13 09:23 . 2009-07-13 09:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-13 07:44 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 07:43 . 2009-07-13 07:45 -------- d-----w- c:\windows\ie8updates
2009-07-13 07:38 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 07:38 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 07:28 . 2009-07-13 07:38 -------- dc-h--w- c:\windows\ie8
2009-07-12 20:15 . 2009-07-12 20:16 8171320 ----a-w- c:\program files\Firefox Setup 3.5.exe
2009-07-12 19:00 . 2009-07-12 19:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-12 18:59 . 2009-07-12 19:00 -------- d-----w- c:\program files\MSECACHE
2009-07-12 18:57 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-12 18:57 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-12 18:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-12 18:56 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-12 18:56 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-12 18:56 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-12 18:56 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-12 18:56 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-12 18:04 . 2009-07-12 18:04 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-07-04 07:54 . 2009-07-04 07:54 -------- d-----w- c:\program files\iPod
2009-07-04 07:41 . 2009-07-04 07:44 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-06-27 11:58 . 2009-06-27 12:10 -------- d-----w- c:\program files\Anuman Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 09:32 . 2004-08-17 09:31 76922 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-22 09:32 . 2004-08-17 09:31 470610 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-13 13:33 . 2008-07-13 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 20:03 . 2006-12-26 11:30 -------- d-----w- c:\program files\Musicmatch
2009-07-12 19:41 . 2006-12-24 19:12 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
2009-07-12 17:47 . 2006-08-23 16:22 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 14:33 . 2006-04-13 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 14:28 . 2008-04-18 07:15 -------- d-----w- c:\program files\MRIcro
2009-07-12 14:23 . 2006-04-13 06:33 -------- d-----w- c:\program files\Java
2009-07-12 13:51 . 2006-08-20 12:09 -------- d-----w- c:\program files\Microsoft Games
2009-07-04 07:55 . 2007-08-18 10:36 -------- d-----w- c:\program files\iTunes
2009-07-04 07:54 . 2007-08-18 10:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-04 07:52 . 2007-08-18 10:27 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:49 . 2007-08-18 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-02 07:16 . 2006-08-19 20:17 113561 ----a-w- c:\windows\hpoins07.dat
2009-07-01 15:49 . 2006-10-01 08:11 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-16 14:54 . 2004-08-05 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2004-08-05 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 09:42 . 2009-04-04 09:30 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-11-22 12:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:27 . 2004-08-05 08:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:04 . 2004-08-05 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:43 . 2004-08-05 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-18 14:04 . 2009-04-18 14:04 6025212 ----a-w- c:\program files\FreeVideoToiPhoneConverter.exe
2009-04-18 13:56 . 2009-04-18 13:56 5548636 ----a-w- c:\program files\m-iphone-video-converter-for-win.exe
2009-04-07 06:57 . 2009-04-07 06:56 143875176 ----a-w- c:\program files\OOo_3.0.1_Win32Intel_install_wJRE_fr.exe
2009-03-26 15:31 . 2009-03-26 15:31 3342809 ----a-w- c:\program files\eMule0.49c-Installer.exe
2009-03-26 15:30 . 2009-03-26 15:30 2633070 ----a-w- c:\program files\emule049b.exe
2009-02-13 13:43 . 2009-02-13 13:43 4454099 ----a-w- c:\program files\techlogg.com-toneshop-build21-i386-win32.exe
2008-11-29 08:09 . 2008-11-29 08:09 6904036 ----a-w- c:\program files\nvu-1.0-win32-installer-full.exe
2008-07-13 11:17 . 2008-07-13 11:13 15083520 ----a-w- c:\program files\spybotsd160.exe
2008-07-10 09:18 . 2008-07-10 09:18 874856 ----a-w- c:\program files\BitTorrent-6.0.3.exe
2008-06-22 12:43 . 2008-06-22 12:43 19096706 ----a-w- c:\program files\izispot.exe
2008-06-21 10:51 . 2008-06-21 10:49 7599856 ----a-w- c:\program files\Firefox Setup 3.0.exe
2008-04-18 07:13 . 2008-04-18 07:13 6343320 ----a-w- c:\program files\mrizip.zip
2008-02-11 07:15 . 2008-02-11 07:15 19858624 ----a-w- c:\program files\setupfre.exe
2007-08-21 16:22 . 2007-08-21 16:22 6652812 ----a-w- c:\program files\sld.codec.pack.2.2.exe
2007-08-18 17:41 . 2007-08-18 17:41 18272684 ----a-w- c:\program files\FTB614.exe
2007-07-04 18:46 . 2007-07-04 18:46 22186192 ----a-w- c:\program files\DivXInstaller.exe
2007-07-02 19:38 . 2007-07-02 19:38 370328 ----a-w- c:\program files\jre-6u1-windows-i586-p-iftw.exe
2007-02-15 14:34 . 2008-02-27 20:56 6418 ----a-w- c:\program files\readme.txt
2007-02-15 01:23 . 2008-02-27 20:56 10984 ----a-w- c:\program files\changelog.txt
2006-10-01 08:09 . 2006-10-01 08:09 207529840 ----a-w- c:\program files\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe
2009-06-24 15:27 . 2008-06-22 11:20 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-16_11.36.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-16 07:39 . 2009-07-16 07:39 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
+ 2009-07-22 21:42 . 2009-07-22 21:42 16384 c:\windows\temp\Perflib_Perfdata_6a4.dat
+ 2009-07-22 21:42 . 2009-07-22 21:42 16384 c:\windows\temp\Perflib_Perfdata_144.dat
+ 2004-08-17 09:31 . 2009-07-22 09:32 63664 c:\windows\system32\perfc009.dat
- 2004-08-17 09:31 . 2009-07-14 21:07 63664 c:\windows\system32\perfc009.dat
+ 2004-08-17 09:31 . 2009-07-22 09:32 403054 c:\windows\system32\perfh009.dat
- 2004-08-17 09:31 . 2009-07-14 21:07 403054 c:\windows\system32\perfh009.dat
- 2009-07-13 09:23 . 2009-07-16 11:14 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-07-13 09:23 . 2009-07-22 21:47 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\Bénédicte\Menu Démarrer\Programmes\Démarrage\
desktop(2).ini [2004-8-17 84]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Klpf;Klpf;c:\windows\system32\drivers\Klpf.sys [04/08/2005 17:19 25139]
R0 Klpid;Klpid;c:\windows\system32\drivers\Klpid.sys [04/08/2005 17:19 31862]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/07/2009 16:06 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/07/2009 20:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/07/2009 20:56 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 10:15 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:06]
2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-03 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/fr/extension-garantie/iconlanding
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 23:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1424)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-07-22 23:53 - machine was rebooted [Bénédicte]
ComboFix-quarantined-files.txt 2009-07-22 21:53
ComboFix2.txt 2009-07-16 18:50
ComboFix3.txt 2009-07-16 11:42
Pre-Run: 51 759 800 320 bytes free
Post-Run: 50 791 194 624 bytes free
315 --- E O F --- 2009-07-15 23:15
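The helper's CFScript above (its File::, Driver:: and Rootkit:: directives) and the ComboFix log that followed lend themselves to a small triage script. What follows is an added example, not code from this thread, from ComboFix or from its author: it parses lines in the format of the log's "Files Created" section, flags kernel drivers that were written fresh on or after the suspected infection date, and prints a CFScript in the same three-section form the helper wrote. The sample lines are constructed from entries in the log above; the six-letter wildcard prefix, the 2009-07-14 cutoff (the day the opener reports downloading the infected program) and the created-equals-modified heuristic are assumptions of this example, not anything ComboFix documents.

```python
"""Added example (not from this thread, ComboFix or its author): triage a ComboFix
"Files Created" listing for freshly dropped kernel drivers and emit a CFScript in
the File:: / Driver:: / Rootkit:: form the helper posted above."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# One listing line: <created> . <modified> <size or dashes> <attributes> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)

# Constructed sample: a few lines copied in the format of the log posted in this thread.
SAMPLE_LOG = r"""
2009-07-14 16:12 . 2009-07-14 16:12 68608 ----a-w- c:\windows\system32\drivers\geyekrakuuuvqf.sys
2009-07-14 15:59 . 2009-07-14 15:59 14 ----a-w- c:\windows\system32\SystemInfo32.sys
2009-07-13 13:51 . 2009-07-13 13:51 -------- d-----w- c:\program files\Lavasoft
2009-07-12 18:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-12 18:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-05 09:42 . 2008-11-22 12:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
"""


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: int | None          # None for directory entries (size shown as dashes)
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_files_created(text: str) -> list[Entry]:
    """Keep every line that matches the listing format; ignore headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(
                created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                size=None if m["size"].startswith("-") else int(m["size"]),
                attrs=m["attrs"], path=m["path"]))
    return entries


def suspicious_drivers(entries: list[Entry], since: datetime) -> list[Entry]:
    """Triage heuristic, not proof: a .sys under system32\\drivers that appeared on or
    after the suspected infection date AND has created == modified, i.e. was written
    fresh on this machine.  Vendor drivers copied out of an installer keep their build
    time as modification date (the avast drivers in the sample are July installs of
    February builds), so they fall through."""
    return [e for e in entries
            if not e.is_dir
            and e.path.lower().endswith(".sys")
            and "\\drivers\\" in e.path.lower()
            and e.created >= since
            and e.created == e.modified]


def build_cfscript(drivers: list[Entry], prefix_len: int = 6) -> str:
    """Emit the three directives used in this thread.  The wildcards take the first
    prefix_len letters of each driver name (assumption: the family keeps a fixed
    prefix and randomises the rest, which is what the helper's geyekr* expresses)."""
    full_paths = sorted({e.path for e in drivers})
    prefixes = sorted({e.name[:prefix_len] for e in drivers})
    stems = sorted({e.name.rsplit(".", 1)[0] for e in drivers})
    wildcards = [pattern.format(p=p) for p in prefixes for pattern in (
        r"C:\Windows\system32\{p}*.dll",
        r"C:\Windows\system32\drivers\{p}*.dll",
        r"C:\Windows\system32\drivers\{p}*.sys",
        r"C:\Windows\System32\{p}*.dat",
        r"C:\Windows\temp\{p}*.tmp")]
    lines = ["File::", *full_paths, *wildcards,
             "Driver::", *[f"{p}*.sys" for p in prefixes], *stems,
             "Rootkit::", *full_paths, *wildcards]
    return "\n".join(lines) + "\n"


def triage(log_text: str, since: str = "2009-07-14") -> tuple[list[str], str]:
    """Return the flagged driver names and the CFScript that targets them.  The default
    cutoff is the day the thread's opener reports downloading the infected program."""
    hits = suspicious_drivers(parse_files_created(log_text), datetime.fromisoformat(since))
    return [e.name for e in hits], build_cfscript(hits)


if __name__ == "__main__":
    names, script = triage(SAMPLE_LOG)
    print("flagged drivers:", names)
    print(script, end="")
```

Run against the sample it flags only geyekrakuuuvqf.sys and reproduces the File::, Driver:: and Rootkit:: blocks the helper wrote, wildcards included. The heuristic is a triage aid, not a verdict: a legitimate driver written by an installer that does not preserve timestamps would also match, and a rootkit that backdates its file would not. Review every path before feeding the result to ComboFix, and treat the generated script exactly as the helper's warning treats his: it is for the machine whose log produced it and for no other.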
+ 2004-08-17 09:31 . 2009-07-22 09:32 63664 c:\windows\system32\perfc009.dat
- 2004-08-17 09:31 . 2009-07-14 21:07 63664 c:\windows\system32\perfc009.dat
+ 2004-08-17 09:31 . 2009-07-22 09:32 403054 c:\windows\system32\perfh009.dat
- 2004-08-17 09:31 . 2009-07-14 21:07 403054 c:\windows\system32\perfh009.dat
- 2009-07-13 09:23 . 2009-07-16 11:14 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-07-13 09:23 . 2009-07-22 21:47 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-13 520024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\documents and settings\Bénédicte\Menu Démarrer\Programmes\Démarrage\
desktop(2).ini [2004-8-17 84]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Klpf;Klpf;c:\windows\system32\drivers\Klpf.sys [04/08/2005 17:19 25139]
R0 Klpid;Klpid;c:\windows\system32\drivers\Klpid.sys [04/08/2005 17:19 31862]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/07/2009 16:06 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/07/2009 20:56 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/07/2009 20:56 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 10:15 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:06]
2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-09-03 c:\windows\Tasks\WebReg psc 1400 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/fr/extension-garantie/iconlanding
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: localhost
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 23:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1424)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-07-22 23:53 - machine was rebooted [Bénédicte]
ComboFix-quarantined-files.txt 2009-07-22 21:53
ComboFix2.txt 2009-07-16 18:50
ComboFix3.txt 2009-07-16 11:42
Pre-Run: 51 759 800 320 octets libres
Post-Run: 50 791 194 624 octets libres
315 --- E O F --- 2009-07-15 23:15