PC INFECTED BY A VIRUS, VERY SLOW

PHK30 -  
 noctambule28 -
Hello, my PC is infected, I think: it is very slow under Internet Explorer. BitDefender will not launch; on the BitDefender loading page it loops, waiting for the scan window. I went to the forum and applied all the settings, and nothing works. Thanks, see you soon.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:15, on 09/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Chris\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\logon.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
F:\ccm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Chris\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\credssp32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9abf7f7465800) (gupdate1c9abf7f7465800) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

27 replies

Narco!4 Posts 2446 Status Contributor 467
 
phk30 Posts 1066 Status Member 75
 
Good evening, I can't manage to launch NanoScan with this link. Thanks, see you soon.
Narco!4 Posts 2446 Status Contributor 467
 
- Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop.
- Double-click combofix.exe and follow the instructions.
- Install the Recovery Console if offered and continue.
- When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
phk30 Posts 1066 Status Member 75
 
ComboFix 09-08-10.01 - Galdeano 10/08/2009 22:32.1.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1830 [GMT 2:00]
Running from: c:\users\Galdeano\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
c:\$recycle.bin\S-1-5-21-1424694559-391544997-3858417649-500
c:\$recycle.bin\S-1-5-21-3518471247-657319657-3530783759-500

.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 20:43 . 2009-08-10 20:43 -------- d-----w- c:\users\Galdeano\AppData\Local\temp
2009-08-10 20:29 . 2009-08-10 20:28 318976 ----a-w- c:\windows\system32\CF19598.exe
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\users\Galdeano\AppData\Roaming\Malwarebytes
2009-08-10 20:15 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\programdata\Malwarebytes
2009-08-10 20:15 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 19:12 . 2009-08-10 19:20 -------- d-----w- C:\Lop SD
2009-08-10 09:29 . 2009-08-10 09:28 404225 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-10 09:29 . 2009-08-10 09:28 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-10 09:29 . 2009-04-17 15:07 87297 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-10 09:29 . 2009-03-03 09:21 9985 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-10 09:29 . 2009-02-24 11:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-08-10 09:29 . 2009-02-17 12:49 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-10 09:29 . 2008-10-20 06:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-10 09:26 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 09:26 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-10 09:26 . 2009-08-10 09:26 -------- d-----w- c:\programdata\Avira
2009-08-10 09:26 . 2009-08-10 09:26 -------- d-----w- c:\program files\Avira
2009-08-10 09:04 . 2009-08-10 09:04 23 --sha-w- c:\windows\system32\edacded0.dat
2009-08-09 23:56 . 2009-08-10 14:08 266012242 ----a-w- C:\Sauv.reg
2009-08-09 19:47 . 2009-08-09 19:47 -------- d-----w- C:\UAC
2009-08-09 19:42 . 2009-08-10 14:08 -------- d-----w- c:\program files\Trend Micro
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\program files\CCleaner
2009-08-03 17:15 . 2009-08-03 17:15 4096 ----a-w- c:\windows\d3dx.dat
2009-08-03 17:15 . 2009-08-03 17:39 -------- d-----w- c:\programdata\airportmania
2009-08-03 17:15 . 2009-08-03 17:15 -------- d-----w- c:\users\Chris\AppData\Roaming\Zylom
2009-08-03 17:12 . 2009-08-03 17:12 -------- d-----w- c:\programdata\Zylom
2009-08-03 17:12 . 2006-09-26 11:03 98304 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-08-03 17:12 . 2006-09-26 11:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-08-03 17:12 . 2009-08-03 19:24 -------- d-----w- c:\program files\Zylom Games
2009-07-24 14:55 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-24 14:55 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-24 14:55 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-24 14:55 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-24 14:55 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-24 14:55 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-24 14:55 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-24 14:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-24 14:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-24 14:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-24 14:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-24 14:47 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-23 22:50 . 2008-06-05 16:18 5737 ----a-w- c:\users\Galdeano\AppData\Local\gnc.exe
2009-07-23 22:20 . 2009-07-23 22:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 22:11 . 2009-08-09 15:52 521 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-07-23 20:55 . 2009-08-10 15:28 -------- d-----w- c:\windows\BDOSCAN8
2009-07-23 18:53 . 2009-07-23 18:53 -------- d-----w- c:\program files\Conduit
2009-07-23 18:53 . 2009-07-23 18:54 -------- d-----w- c:\program files\Softonic_France_FF
2009-07-23 18:53 . 2009-07-16 12:05 52224 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\g05o292w.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components\FFExternalAlert.dll
2009-07-23 18:53 . 2009-07-16 12:05 114688 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\g05o292w.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components\npmozax.dll
2009-07-23 18:50 . 2009-07-23 18:50 -------- d-----w- c:\users\Chris\AppData\Roaming\Desktopicon
2009-07-23 18:49 . 2009-07-23 18:49 -------- d-----w- c:\program files\FreeTime
2009-07-23 15:32 . 2009-07-23 15:39 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
2009-07-22 20:06 . 2009-07-22 20:06 -------- d-----w- c:\program files\CleanUp!
2009-07-20 22:47 . 2009-07-20 22:47 -------- d-----w- c:\program files\Datel
2009-07-19 15:22 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-19 15:21 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-19 15:21 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-19 15:21 . 2009-07-19 15:24 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-19 15:21 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-19 15:21 . 2009-07-22 19:03 -------- d-----w- c:\program files\Spyware Doctor
2009-07-19 15:21 . 2009-07-19 15:21 -------- d-----w- c:\users\Chris\AppData\Roaming\PC Tools
2009-07-19 15:21 . 2009-07-19 15:21 -------- d-----w- c:\programdata\PC Tools
2009-07-18 17:19 . 2009-07-18 17:19 -------- d-----w- c:\users\Chris\AppData\Roaming\PlayFirst
2009-07-18 17:09 . 2009-07-18 17:09 -------- d-----w- c:\users\Chris\AppData\Roaming\WildTangent
2009-07-18 16:20 . 2009-07-18 16:20 1372 ----a-w- c:\windows\system32\sulXSVQZyccBbxu.vbs
2009-07-18 16:19 . 2009-07-18 16:19 1372 ----a-w- c:\windows\system32\c7SbYJf5ntITkmG.vbs
2009-07-16 22:06 . 2009-07-16 22:06 1372 ----a-w- c:\windows\system32\ZgNYNSPsBPgWW.vbs
2009-07-15 16:48 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 16:48 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 16:48 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 16:48 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 11:09 . 2009-07-15 11:09 1372 ----a-w- c:\windows\system32\DJ2IxfI.vbs
2009-07-12 13:35 . 2009-07-12 13:58 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 20:24 . 2008-08-07 08:02 71324 ----a-w- c:\programdata\nvModes.dat
2009-08-10 18:54 . 2009-03-23 20:42 -------- d-----w- c:\programdata\Google Updater
2009-08-10 16:39 . 2008-12-07 14:43 75200 ----a-w- c:\users\Galdeano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 11:29 . 2009-06-18 09:59 -------- d-----w- c:\program files\Circle Developeent
2009-08-10 08:52 . 2008-05-26 08:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-10 08:50 . 2008-05-26 08:05 -------- d-----w- c:\programdata\Symantec
2009-08-10 01:03 . 2009-06-18 10:00 -------- d-----w- c:\programdata\mealblahooze
2009-08-09 19:36 . 2009-07-07 17:12 -------- d-----w- c:\users\Chris\AppData\Roaming\Azureus
2009-08-09 18:56 . 2009-03-15 10:24 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
2009-08-09 18:24 . 2008-05-26 17:35 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 18:24 . 2008-05-26 17:35 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-02 19:35 . 2009-06-30 17:14 -------- d-----w- c:\program files\Vuze
2009-07-31 22:28 . 2009-05-03 16:17 -------- d-----w- c:\program files\Youtube Downloader HD
2009-07-31 01:08 . 2009-02-19 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 22:03 . 2009-02-09 12:38 75664 ----a-w- c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-24 14:26 . 2008-05-26 09:28 -------- d-----w- c:\programdata\Microsoft Help
2009-07-23 22:19 . 2008-05-26 09:57 -------- d-----w- c:\program files\Java
2009-07-22 20:08 . 2009-02-09 14:28 -------- d-----w- c:\users\Galdeano\AppData\Roaming\LimeWire
2009-07-22 20:08 . 2009-06-30 17:14 -------- d-----w- c:\users\Galdeano\AppData\Roaming\Azureus
2009-07-21 21:52 . 2009-07-30 22:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 22:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 22:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 22:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 10:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 18:21 . 2009-06-18 09:59 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-14 11:16 . 2009-06-14 18:06 680 ----a-w- c:\users\Galdeano\AppData\Local\d3d9caps.dat
2009-07-09 20:30 . 2009-07-09 20:30 1878984 ----a-w- c:\users\Galdeano\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-01 10:22 . 2009-03-22 15:53 -------- d-----w- c:\programdata\CanonIJPLM
2009-07-01 10:16 . 2009-04-11 13:17 -------- d-----w- c:\program files\Safari
2009-07-01 10:11 . 2009-07-01 10:10 -------- d-----w- c:\program files\iTunes
2009-07-01 10:10 . 2009-07-01 10:10 -------- d-----w- c:\program files\iPod
2009-07-01 10:10 . 2009-03-03 16:26 -------- d-----w- c:\program files\Common Files\Apple
2009-07-01 10:07 . 2009-07-01 10:06 -------- d-----w- c:\program files\QuickTime
2009-07-01 09:56 . 2009-07-01 09:56 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-30 17:15 . 2009-06-30 17:15 -------- d-----w- c:\programdata\Azureus
2009-06-18 12:55 . 2009-06-18 12:55 -------- d-----w- c:\programdata\Messenger Plus!
2009-06-18 09:56 . 2009-06-18 09:56 0 ----a-w- c:\windows\nsreg.dat
2009-06-16 13:04 . 2009-06-16 13:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-15 08:30 . 2009-06-15 08:30 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA78E.tmp.exe
2009-06-12 01:09 . 2008-05-26 09:05 -------- d-----w- c:\program files\Microsoft Works
2009-03-31 20:47 . 2009-06-18 09:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-07-15 08:09 2224152 ----a-w- c:\program files\Softonic_France_FF\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Galdeano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Galdeano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{63FC0E32-44A3-4668-9819-DA27EB62692A}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1E6979A3-3BDF-4DD7-B94B-EC7DE0004C4A}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{759D2343-1D58-47DE-ADB8-46C43FA825E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31BF0BE5-F768-4AD3-818A-204C2F878DC1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1F7EDD56-E6C2-4F9D-9CC7-445678D6E318}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{3351A1A5-4720-42F5-A517-A6597EEABCB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1C200367-AC15-4425-8497-434A015A20C8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19D1BD83-6606-4155-89BE-3F430C5DF4A9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0CFE5DE5-8944-48DF-84E9-813D448CBDE7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F3D8FB44-2BCA-4B29-B88F-8040E5F0520B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7DA5AC63-2CF2-4F26-AC8E-18D38077CAF2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FB36B454-B273-4206-AD5A-F6A093FFBA78}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{212856A8-99EF-4DE3-A7F2-610CC590D9D5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9CC6250B-416D-490B-B15C-30835FF153F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3B06DA3C-A5E2-4EEA-B542-1BB8DA8AF7F6}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{9A3DFADF-ED25-4DFB-A142-5C597C6DC36A}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{8A013790-CE75-4360-AB83-8E300BA8FD33}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{AB8E3F88-8B7F-4D59-84AB-DB67CFA6DF50}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/07/2009 17:21 130936]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/08/2009 11:26 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [26/05/2008 11:52 361808]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [03/05/2008 14:39 42528]
S2 gupdate1c9abf7f7465800;Service Google Update (gupdate1c9abf7f7465800);c:\program files\Google\Update\GoogleUpdate.exe [23/03/2009 22:42 133104]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/05/2008 10:32 193840]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [20/02/2009 01:30 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/07/2009 17:21 348752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:41]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000Core.job
- c:\users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 08:00]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000UA.job
- c:\users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 08:00]

2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 08:00]

2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 08:00]

2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{50A94D73-4F1F-4EAA-81E9-A45AF48AF528}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]

2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{DF45F308-4470-4E68-890F-640EBF9D60A3}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\Galdeano\AppData\Roaming\Mozilla\Firefox\Profiles\eymq5rs6.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Galdeano\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 22:43
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\ATPUD]
@DACL=(02 0000)
"ATPUD"=hex:02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Blst]
@DACL=(02 0000)
"FLAG"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\CSD]
@DACL=(02 0000)
"EnableKmixer"=hex:01,00,00,00
"KMixerDataInitialDelay"=hex:0d,00,00,00
"KMixerSpkpInitialDelay"=hex:0c,00,00,00
"MaxSampleValue"=hex:e8,03,00,00
"UnMuteTimerDuration"=hex:d0,07,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\DspInfo]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\EnableCallerID]
@DACL=(02 0000)
"1"="at+vcid=1<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]
@DACL=(02 0000)
"1"="ATH<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Profile]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Region]
@DACL=(02 0000)
"Current"=hex:ff,00
"Previous"=hex:ff,00
"COPY_CTY"=hex:00,00,00,00
"RegionList"=hex:ff,fe,7f,fe,ff,ff,ff,7f,fb,fb,ff,df,ff,ff,ff,ff,ff,ff,dd,ff,
ff,ff,ff,ff,be,ff,ff,ff,ff,fd,bf,5f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\SdkCapable]
@DACL=(02 0000)
"Type"=hex:00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]
@DACL=(02 0000)
"Prefix"="AT"
"Terminator"="<cr>"
"DialPrefix"="D"
"DialSuffix"=";"
"SpeakerVolume_Low"="L1"
"SpeakerVolume_Med"="L2"
"SpeakerVolume_High"="L3"
"SpeakerMode_Off"="M0"
"SpeakerMode_Dial"="M1"
"SpeakerMode_On"="M2"
"SpeakerMode_Setup"="M3"
"FlowControl_Off"="+IFC=0,0;"
"FlowControl_Hard"="+IFC=2,2;"
"FlowControl_Soft"="+IFC=1,1;"
"Pulse"="P"
"Tone"="T"
"Blind_Off"="X4"
"Blind_On"="X3"
"CallSetupFailTimer"="S7=<#>"
"ErrorControl_On"="+ES=3,0,2;"
"ErrorControl_Off"="+ES=1,0,1;"
"ErrorControl_Forced"="+ES=3,2,4;"
"Compression_On"="+DS=3;+DS44=3;"
"Compression_Off"="+DS=0;+DS44=0;"
"InactivityTimeout"="S30=<#>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\V92]
@DACL=(02 0000)
"QC_CONF"=hex:01,01,01,01

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Fax]
@DACL=(02 0000)
"CL1FCS"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup]
@DACL=(02 0000)
"1"="ATH<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="AT&F<cr>"
"3"="ATV1E0S0=0&D2&C1<cr>"
"4"="AT+CMEE=1<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings]
@DACL=(02 0000)
"FlowControl_Hard"="+IFC=2,2;"
"FlowControl_Off"="+IFC=0,0;"
"FlowControl_Soft"="+IFC=1,1;"
"CompatibilityFlags"=hex:01,00,00,00
"CallSetupFailTimer"="S7=<#>"
"DialPrefix"="D"
"DialSuffix"=";"
"Prefix"="AT"
"Terminator"="<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Clients]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Fax]
@DACL=(02 0000)
"CL1FCS"="2"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Hangup]
@DACL=(02 0000)
"1"="ATHE1<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="ATE0V1&D2&C1S0=0<cr>"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Settings]
@DACL=(02 0000)
"Prefix"="AT"
"Terminator"="<cr>"
"DialPrefix"="D"
"DialSuffix"=""
"Pulse"="P"
"Tone"="T"
"CallSetupFailTimer"="S7=<#>"
.
Completion time: 2009-08-10 22:46
ComboFix-quarantined-files.txt 2009-08-10 20:46

Pre-Run: 78 497 067 008 octets libres
Post-Run: 78 473 232 384 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
502 --- E O F --- 2009-08-07 13:27
phk30 Posts: 1066 Status: Member 75
 
Good evening, should I open another help request on the forum, please? Thanks, see you soon.
phk30 Posts: 1066 Status: Member 75
 
Hello, only this thread is being followed today; sorry about the others, which are now closed.