PC INFECTED WITH HTML/infected.Webpage.Gen
Closed
phk30 (Member), 10 August 2009 at 20:45
11 replies

anthony5151 (Security contributor), 10 August 2009 at 22:34
OK. Restart your computer, then move on to the next step:

/!\ Attention, anyone who comes across this thread /!\
The program that follows is not to be used lightly and can do damage if misused! Only run it if a forum helper who knows this tool well has recommended it to you.
/!\ Disable all your protection software /!\
• Download ComboFix (by sUBs) to your Desktop.
• Right-click ComboFix.exe and click "Run as administrator".
• It will ask you to install the Recovery Console: accept.
• Don't touch anything during the scan.
• When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.
Official ComboFix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
anthony5151 (Security contributor), 10 August 2009 at 20:58
Hello,
This report shows several infections; we'll deal with them one by one.
First there is a Lop/Swizzor infection, which gets installed notably through the following programs, as the price of their so-called "free" status:
• The Messenger Plus! sponsor
• BitDownload
• BitGrabber
• BitRoll
• NetPumper
• TorrentQ
• Torrent101
To remove this infection, you need to use the program Lop S&D.
• Download Lop S&D (created by eric 71) to your Desktop
• Double-click it to launch the installation
• Right-click the Lop S&D shortcut on your Desktop, then choose "Run as administrator".
• Select the desired language, then choose option 2 (Removal)
• Wait until the scan finishes
• Post the generated report (C:\lopR.txt)
Tutorial to help you: http://www.malekal.com//tutorial_Lop_SD.php
phk30 (Member), 10 August 2009 at 21:21
Good evening, and thanks for the quick reply. It's running; I'm replying from my other PC. First, a question: will this disinfect both user sessions? Thanks, see you soon.
phk30 (Member), 10 August 2009 at 21:23
HERE IS THE REPORT
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Sempron(tm) SI-40 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Galdeano ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:223 Go (Free:73 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (CD or DVD)
"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [2] ( 10/08/2009|21:13 )
[ UAC => 0 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION
Deleted! - C:\ProgramData\Okay meta anti lite\Trans Title.dat
Deleted! - C:\ProgramData\Okay meta anti lite\wait program.dat
Deleted! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@adserver5[1].txt
Deleted! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@www.adserver5[2].txt
Deleted! - C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies\galdeano@advertising[1].txt
Deleted! - C:\ProgramData\listthirdthird.kb2sj
Deleted! - C:\ProgramData\listthirdthird.r6kom
Deleted! - C:\ProgramData\listthirdthird.uockq
Deleted! - C:\ProgramData\listthirdthird.xrbfea
Deleted! - C:\ProgramData\Bat first rule.kuv5gl2
Deleted! - C:\ProgramData\listthirdthird.hmxde5g
Deleted! - C:\ProgramData\Okay meta anti lite
-
[ Hosts file ] .. Restored!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Deleted! - C:\Program Files\Viewpoint
Deleted! - C:\PROGRA~2\Viewpoint
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing of folders in Local
[21/02/2009|18:32] C:\Users\Galdeano\AppData\Local\Adobe
[07/12/2008|18:07] C:\Users\Galdeano\AppData\Local\AOL
[03/03/2009|18:27] C:\Users\Galdeano\AppData\Local\Apple
[11/04/2009|15:27] C:\Users\Galdeano\AppData\Local\Apple Computer
[07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Application Data
[19/04/2009|10:41] C:\Users\Galdeano\AppData\Local\Ares
[07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\AtStart.txt
[14/07/2009|13:16] C:\Users\Galdeano\AppData\Local\d3d9caps.dat
[09/07/2009|18:54] C:\Users\Galdeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\DSwitch.txt
[10/08/2009|18:39] C:\Users\Galdeano\AppData\Local\GDIPFONTCACHEV1.DAT
[05/06/2008|18:18] C:\Users\Galdeano\AppData\Local\gnc.exe
[09/08/2009|00:58] C:\Users\Galdeano\AppData\Local\Google
[07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Historique
[13/06/2009|18:19] C:\Users\Galdeano\AppData\Local\Microsoft
[11/12/2008|22:34] C:\Users\Galdeano\AppData\Local\Microsoft Games
[18/06/2009|11:56] C:\Users\Galdeano\AppData\Local\Mozilla
[07/12/2008|16:43] C:\Users\Galdeano\AppData\Local\QSwitch.txt
[20/02/2009|12:25] C:\Users\Galdeano\AppData\Local\QuickPlay
[09/02/2009|18:43] C:\Users\Galdeano\AppData\Local\Shareaza
[10/08/2009|21:13] C:\Users\Galdeano\AppData\Local\Temp
[07/12/2008|16:25] C:\Users\Galdeano\AppData\Local\Temporary Internet Files
[07/12/2008|17:26] C:\Users\Galdeano\AppData\Local\VirtualStore
--------------------\\ Scheduled tasks in C:\Windows\tasks
[10/08/2009 20:30][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002UA.job
[09/08/2009 19:30][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002Core.job
[10/08/2009 20:41][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000UA.job
[10/08/2009 12:41][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000Core.job
[10/08/2009 20:57][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[10/08/2009 20:07][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[10/08/2009 20:54][--a------] C:\Windows\tasks\Google Software Updater.job
[10/08/2009 21:13][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{DF45F308-4470-4E68-890F-640EBF9D60A3}.job
[10/08/2009 20:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{50A94D73-4F1F-4EAA-81E9-A45AF48AF528}.job
[03/08/2009 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Effectuer une analyse complète du système - Galdeano.job
[10/08/2009 20:06][--ah-----] C:\Windows\tasks\SA.DAT
[10/08/2009 18:49][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing of folders in C:\ProgramData
[26/05/2008|11:32] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[11/04/2009|15:24] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[26/05/2008|11:34] C:\ProgramData\Adobe
[03/08/2009|19:39] C:\ProgramData\airportmania
[26/05/2008|11:46] C:\ProgramData\AOL
[03/03/2009|18:26] C:\ProgramData\Apple
[03/03/2009|18:31] C:\ProgramData\Apple Computer
[02/11/2006|15:02] C:\ProgramData\Application Data
[07/08/2008|09:26] C:\ProgramData\Atheros
[10/08/2009|11:26] C:\ProgramData\Avira
[30/06/2009|19:15] C:\ProgramData\Azureus
[07/12/2008|16:21] C:\ProgramData\Bureau
[22/03/2009|15:06] C:\ProgramData\CanonBJ
[22/03/2009|17:57] C:\ProgramData\CanonIJ
[22/03/2009|17:57] C:\ProgramData\CanonIJEGV
[22/03/2009|17:54] C:\ProgramData\CanonIJEPPEX
[22/03/2009|17:53] C:\ProgramData\CanonIJMyPrinter
[01/07/2009|12:22] C:\ProgramData\CanonIJPLM
[22/03/2009|17:54] C:\ProgramData\CanonIJSolutionMenu
[19/02/2009|00:56] C:\ProgramData\CyberLink
[27/04/2009|17:49] C:\ProgramData\DAEMON Tools Pro
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[16/02/2009|18:27] C:\ProgramData\eMule
[07/12/2008|16:21] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[03/05/2009|18:24] C:\ProgramData\FirmTools
[04/04/2009|21:12] C:\ProgramData\Google
[10/08/2009|20:54] C:\ProgramData\Google Updater
[07/08/2008|10:02] C:\ProgramData\Hewlett-Packard
[18/06/2009|12:02] C:\ProgramData\Manager Delete 4.ml9fg73
[10/08/2009|03:03] C:\ProgramData\mealblahooze
[07/12/2008|16:21] C:\ProgramData\Menu Démarrer
[18/06/2009|14:55] C:\ProgramData\Messenger Plus!
[09/08/2009|22:59] C:\ProgramData\Microsoft
[24/07/2009|16:26] C:\ProgramData\Microsoft Help
[07/12/2008|16:21] C:\ProgramData\Modèles
[26/05/2008|11:17] C:\ProgramData\muvee Technologies
[10/08/2009|11:57] C:\ProgramData\ntuser.pol
[07/08/2008|10:08] C:\ProgramData\NVIDIA
[10/08/2009|20:07] C:\ProgramData\nvModes.001
[10/08/2009|20:07] C:\ProgramData\nvModes.dat
[19/07/2009|17:21] C:\ProgramData\PC Tools
[13/12/2008|14:01] C:\ProgramData\PlayFirst
[02/11/2006|15:02] C:\ProgramData\Start Menu
[10/08/2009|10:50] C:\ProgramData\Symantec
[24/07/2009|00:22] C:\ProgramData\TEMP
[02/11/2006|15:02] C:\ProgramData\Templates
[24/12/2008|20:16] C:\ProgramData\WildTangent
[08/02/2009|00:47] C:\ProgramData\WindowsSearch
[03/08/2009|19:12] C:\ProgramData\Zylom
--------------------\\ Listing of folders in C:\Program Files
[26/05/2008|11:32] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[26/05/2008|11:33] C:\Program Files\Adobe
[07/12/2008|16:28] C:\Program Files\AIM6
[05/02/2009|12:38] C:\Program Files\Alwil Software
[26/05/2008|11:46] C:\Program Files\AOL
[03/03/2009|18:27] C:\Program Files\Apple Software Update
[19/04/2009|10:41] C:\Program Files\Ares
[07/08/2008|09:27] C:\Program Files\Atheros
[10/08/2009|11:26] C:\Program Files\Avira
[11/04/2009|15:15] C:\Program Files\Bonjour
[22/03/2009|18:15] C:\Program Files\Canon
[22/03/2009|17:48] C:\Program Files\CanonBJ
[09/08/2009|21:19] C:\Program Files\CCleaner
[10/08/2009|13:29] C:\Program Files\Circle Developeent
[07/08/2008|09:26] C:\Program Files\Cisco
[22/07/2009|22:06] C:\Program Files\CleanUp!
[19/07/2009|17:21] C:\Program Files\Common Files
[23/07/2009|20:53] C:\Program Files\Conduit
[07/08/2008|09:34] C:\Program Files\CONEXANT
[22/04/2009|12:51] C:\Program Files\Creative Labs
[07/08/2008|10:06] C:\Program Files\CyberLink
[27/04/2009|17:53] C:\Program Files\DAEMON Tools Pro
[21/07/2009|00:47] C:\Program Files\Datel
[26/05/2008|11:46] C:\Program Files\EasyBits For Kids
[07/12/2008|16:21] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[03/05/2009|18:24] C:\Program Files\FirmTools
[23/07/2009|20:49] C:\Program Files\FreeTime
[22/04/2009|19:06] C:\Program Files\GameSpy Arcade
[17/05/2009|20:16] C:\Program Files\Google
[24/02/2009|19:01] C:\Program Files\Guitar Pro 5
[16/04/2009|00:11] C:\Program Files\Hewlett-Packard
[26/05/2008|11:56] C:\Program Files\HP
[26/05/2008|10:41] C:\Program Files\HP Games
[03/05/2009|10:20] C:\Program Files\InstallShield Installation Information
[31/07/2009|03:06] C:\Program Files\Internet Explorer
[01/07/2009|12:10] C:\Program Files\iPod
[01/07/2009|12:11] C:\Program Files\iTunes
[24/07/2009|00:19] C:\Program Files\Java
[09/02/2009|16:27] C:\Program Files\LimeWire
[03/05/2009|10:20] C:\Program Files\LucasArts
[14/07/2009|20:21] C:\Program Files\Messenger Plus! Live
[20/02/2009|01:31] C:\Program Files\Microsoft
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[21/01/2009|14:05] C:\Program Files\Microsoft Office
[20/02/2009|01:31] C:\Program Files\Microsoft Office Outlook Connector
[31/07/2009|03:08] C:\Program Files\Microsoft Silverlight
[20/02/2009|01:26] C:\Program Files\Microsoft SQL Server Compact Edition
[20/02/2009|01:29] C:\Program Files\Microsoft Sync Framework
[21/01/2009|14:05] C:\Program Files\Microsoft Visual Studio
[12/06/2009|03:09] C:\Program Files\Microsoft Works
[26/05/2008|11:30] C:\Program Files\Microsoft.NET
[26/05/2008|19:38] C:\Program Files\Movie Maker
[10/08/2009|16:23] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[04/02/2009|08:36] C:\Program Files\MSXML 4.0
[26/05/2008|11:17] C:\Program Files\muvee Technologies
[07/08/2008|09:33] C:\Program Files\NetWaiting
[07/12/2008|16:28] C:\Program Files\Online Services
[01/07/2009|12:07] C:\Program Files\QuickTime
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[01/07/2009|12:16] C:\Program Files\Safari
[11/04/2009|14:59] C:\Program Files\Samsung
[16/04/2009|15:16] C:\Program Files\Shareaza
[23/07/2009|20:54] C:\Program Files\Softonic_France_FF
[22/07/2009|21:03] C:\Program Files\Spyware Doctor
[07/08/2008|09:31] C:\Program Files\Synaptics
[10/08/2009|16:08] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[05/02/2009|18:40] C:\Program Files\VideoLAN
[02/08/2009|21:35] C:\Program Files\Vuze
[26/05/2008|19:38] C:\Program Files\Windows Calendar
[26/05/2008|19:38] C:\Program Files\Windows Collaboration
[26/05/2008|19:38] C:\Program Files\Windows Defender
[26/05/2008|19:38] C:\Program Files\Windows Journal
[20/02/2009|01:30] C:\Program Files\Windows Live
[07/02/2009|22:22] C:\Program Files\Windows Live SkyDrive
[16/07/2009|12:38] C:\Program Files\Windows Mail
[12/03/2009|04:07] C:\Program Files\Windows Media Player
[07/12/2008|16:21] C:\Program Files\Windows NT
[26/05/2008|19:38] C:\Program Files\Windows Photo Gallery
[26/05/2008|19:38] C:\Program Files\Windows Sidebar
[18/07/2009|14:13] C:\Program Files\WinRAR
[01/08/2009|00:28] C:\Program Files\Youtube Downloader HD
[03/08/2009|21:24] C:\Program Files\Zylom Games
--------------------\\ Listing of folders in C:\Program Files\Common Files
[26/05/2008|11:34] C:\Program Files\Common Files\Adobe
[07/12/2008|16:28] C:\Program Files\Common Files\AOL
[01/07/2009|12:10] C:\Program Files\Common Files\Apple
[22/03/2009|17:52] C:\Program Files\Common Files\CANON
[26/05/2008|11:30] C:\Program Files\Common Files\DESIGNER
[26/05/2008|11:50] C:\Program Files\Common Files\InstallShield
[26/05/2008|11:57] C:\Program Files\Common Files\Java
[07/08/2008|10:03] C:\Program Files\Common Files\LightScribe
[24/07/2009|16:44] C:\Program Files\Common Files\microsoft shared
[26/05/2008|11:17] C:\Program Files\Common Files\muvee Technologies
[19/07/2009|17:24] C:\Program Files\Common Files\PC Tools
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[16/04/2009|14:46] C:\Program Files\Common Files\SWF Studio
[10/08/2009|10:52] C:\Program Files\Common Files\Symantec Shared
[20/02/2009|01:31] C:\Program Files\Common Files\System
[07/02/2009|21:54] C:\Program Files\Common Files\Windows Live
--------------------\\ Process
( 63 Processes )
... OK !
--------------------\\ Search with S_Lop
No Lop file / folder found!
--------------------\\ Search for Lop files / folders
No Lop file / folder found!
--------------------\\ Registry check
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Hosts file check
Hosts file CLEAN
--------------------\\ File search with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 21:15:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Search for other infections
No other infection found!
[F:6][D:5]-> C:\Users\Galdeano\AppData\Local\Temp
[F:1114][D:1]-> C:\Users\Galdeano\AppData\Roaming\MICROS~1\Windows\Cookies
[F:684][D:4]-> C:\Users\Galdeano\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:145][D:8]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 10/08/2009|21:20 - Option : [2]
--------------------\\ End of report at 21:20:25
[ UAC => 1 ]
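An added example, written for this page and not part of the thread or of Lop S&D: a small Python triage script for the report format above. The report deleted ProgramData entries whose names are word salad with a random-looking extension (listthirdthird.kb2sj, Bat first rule.kuv5gl2, Okay meta anti lite) and restored the hosts file, and the helper's next reply says the infection was not fully removed. The script parses the deletion lines and the folder listings (the regexes key on the punctuation, so they work on the French labels the tool actually prints as well as on the translation above) and flags listing entries that still carry that kind of extension or were created within 24 hours of the scan. The extension pattern, the 24-hour window and the allowlist of legitimate long extensions are my assumptions; that the flagged entries (Manager Delete 4.ml9fg73, mealblahooze) are what is left of the infection is a reading of the report's own naming pattern, not something the thread confirms. The sample input is a selection of lines copied from the report.

```python
"""Triage a Lop S&D report: added example, not part of Lop S&D or of this thread.

Parses the "Deleted! - <path>" lines and the "[dd/mm/yyyy|HH:MM] <path>" folder
listings, then flags listing entries that look like leftovers: a random-looking
lowercase "extension" (as on the deleted names) or a creation time shortly
before the scan. Thresholds and the extension allowlist are assumptions.
"""
import re
from datetime import datetime, timedelta

# "Deleted! - C:\..." or the tool's French "Supprime! - C:\...": keyed on the
# "! - <drive>:\" punctuation, so the label language does not matter.
DELETED_RE = re.compile(r"^\w+! - (?P<path>[A-Za-z]:\\.*?)\s*$")
# Folder listing lines: "[dd/mm/yyyy|HH:MM] <path>" (scheduled-task lines use
# a different layout and are not parsed here).
LISTING_RE = re.compile(r"^\[(?P<date>\d\d/\d\d/\d{4})\|(?P<time>\d\d:\d\d)\] (?P<path>.*?)\s*$")
# Scan start, from the "Option : [2] ( dd/mm/yyyy|HH:MM )" header line.
SCAN_TIME_RE = re.compile(r"Option : \[\d\] \( (?P<date>\d\d/\d\d/\d{4})\|(?P<time>\d\d:\d\d) \)")
# A final "extension" of 5-8 lowercase letters/digits, e.g. ".ml9fg73" (assumption).
RANDOM_EXT_RE = re.compile(r"\.([a-z0-9]{5,8})$")
# Legitimate long lowercase extensions to leave alone (assumption; extend as needed).
KNOWN_LONG_EXTENSIONS = {"config", "manifest", "sqlite", "cache", "journal"}
RECENT_WINDOW = timedelta(hours=24)  # assumption: "created shortly before the scan"

# Sample input: lines copied from the report above (a selection, not the full report).
SAMPLE_REPORT = r"""
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Option : [2] ( 10/08/2009|21:13 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION
Deleted! - C:\ProgramData\listthirdthird.kb2sj
Deleted! - C:\ProgramData\Bat first rule.kuv5gl2
Deleted! - C:\ProgramData\Okay meta anti lite
[ Hosts file ] .. Restored!
--------------------\\ Listing of folders in C:\ProgramData
[26/05/2008|11:34] C:\ProgramData\Adobe
[10/08/2009|11:26] C:\ProgramData\Avira
[18/06/2009|12:02] C:\ProgramData\Manager Delete 4.ml9fg73
[10/08/2009|03:03] C:\ProgramData\mealblahooze
[10/08/2009|20:07] C:\ProgramData\nvModes.001
"""


def _stamp(date, time):
    return datetime.strptime(f"{date} {time}", "%d/%m/%Y %H:%M")


def parse_report(text):
    """Return (scan_time, deleted_paths, [(created, path), ...])."""
    scan_time, deleted, listing = None, [], []
    for line in text.splitlines():
        line = line.strip()
        m = SCAN_TIME_RE.search(line)
        if m and scan_time is None:
            scan_time = _stamp(m["date"], m["time"])
            continue
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m["path"])
            continue
        m = LISTING_RE.match(line)
        if m:
            listing.append((_stamp(m["date"], m["time"]), m["path"]))
    return scan_time, deleted, listing


def has_random_extension(path):
    """True for names ending in a random-looking 5-8 char lowercase suffix."""
    name = path.rsplit("\\", 1)[-1]
    m = RANDOM_EXT_RE.search(name)
    return bool(m) and m.group(1) not in KNOWN_LONG_EXTENSIONS


def triage(text):
    """Map suspicious listing paths to the reasons they were flagged.

    Reasons are signals for a human to read, not verdicts: the recency check
    also catches software installed on the day of the scan (Avira here).
    """
    scan_time, _deleted, listing = parse_report(text)
    flagged = {}
    for created, path in listing:
        reasons = []
        if has_random_extension(path):
            reasons.append("random-looking extension")
        if scan_time is not None and timedelta(0) <= scan_time - created <= RECENT_WINDOW:
            reasons.append("created within 24h of scan")
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT).items():
        print(f"{path}: {', '.join(reasons)}")
```

Run it as a script to print the flagged paths, or import it and call triage() on a full report. Treat the output as a reading list: the recency signal also catches software installed the same day (Avira and Google Updater in the report), and a dictionary-word folder with no extension such as mealblahooze is only caught by recency, so the date column still has to be read by a human.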
anthony5151 (Security contributor), 10 August 2009 at 22:01
The infection has not been completely eradicated; we'll have to write a removal script. But first, please run this general scan:
• Download and install Malwarebytes' Anti-Malware
• At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked
• Launch MBAM and let the updates download (otherwise do them manually when the program starts)
• Then go to the "Scanner" tab, check "Perform quick scan" and click "Scan"
• At the end of the scan, click Show Results
• Check all detected items, then click Remove Selected
• Save the report
• If you are asked to restart, click Yes
• Please post the report that appears after the removal in your next reply
phk30 (Member), 10 August 2009 at 22:27
Malwarebytes' Anti-Malware 1.40
Database version: 2593
Windows 6.0.6001 Service Pack 1
10/08/2009 22:22:06
mbam-log-2009-08-10 (22-22-06).txt
Scan type: Quick scan
Objects scanned: 94474
Time elapsed: 4 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 1
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\credssp32.dll (Trojan.Tracur) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\credssp32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\credssp32.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Windows\System32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\credssp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\winupdate.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\245.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\245.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\246.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\246.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\247.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\247.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\248.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\248.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\249.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\250.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\251.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\252.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
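What the log above actually shows, as an added note with example code that is not part of this thread or of Malwarebytes' own tooling: the two AppInit_DLLs entries are the persistence mechanism (any DLL listed there is loaded by user32.dll into every process that links it, which is why credssp32.dll turns up as an in-memory module), while the Policies entries (DisableTaskMgr, NoChangingWallpaper and friends) exist only to stop the user fighting back. Everything marked "Delete on reboot" was in use when MBAM ran and stays active until the machine restarts. The Python below parses the posted log lines into those categories and lists what is still pending; the category names are this example's own mapping, and the sample lines are copied from the log above.

```python
import re

# Constructed sample, copied from the MBAM log posted above (section headers omitted).
MBAM_SAMPLE = r"""
C:\Windows\System32\credssp32.dll (Trojan.Tracur) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\credssp32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\credssp32.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Windows\System32\winupdate.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\SystemX86\245.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
"""

# <object> (<detection>) -> [<detail> -> ]<action>.
FINDING_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:(?P<detail>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

LOCK_POLICIES = {"nochangingwallpaper", "noactivedesktopchanges", "nosetactivedesktop"}


def classify(path):
    """Map a finding to a coarse category; this mapping is the example's own, not MBAM's."""
    p = path.lower()
    leaf = p.rpartition("\\")[2]
    if leaf == "appinit_dlls":
        # Anything listed here is loaded by user32.dll into every process that links it.
        return "persistence", "AppInit_DLLs injection into every user32-linked process"
    if leaf == "disabletaskmgr":
        return "defense-evasion", "Task Manager disabled by policy"
    if "\\policies\\" in p and leaf in LOCK_POLICIES:
        return "defense-evasion", "desktop/wallpaper changes locked by policy"
    if p.startswith("hk"):
        return "registry", "other registry tampering"
    return "file", "dropped file or folder"


def triage(log_text):
    """Parse MBAM result lines; return findings plus what survives until the next reboot."""
    findings, pending = [], set()
    for raw in log_text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if not m:  # counters, section headers and "(No malicious items detected)"
            continue
        category, meaning = classify(m["path"])
        findings.append({
            "path": m["path"], "detection": m["detection"], "detail": m["detail"],
            "action": m["action"], "category": category, "meaning": meaning,
        })
        # "Delete on reboot": the object was in use (a loaded DLL, or the registry data
        # that loads it), so it is still active until the machine restarts.
        if m["action"].lower().startswith("delete on reboot"):
            pending.add(m["path"])
    return {"findings": findings, "pending_reboot": sorted(pending)}


def report(result):
    """Render the triage as one line per finding plus the still-active list."""
    lines = []
    for f in result["findings"]:
        lines.append(f"[{f['category']:>15}] {f['detection']:<24} {f['path']}  ({f['meaning']})")
    if result["pending_reboot"]:
        lines.append("still active until reboot:")
        lines += ["  " + p for p in result["pending_reboot"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(MBAM_SAMPLE)))
```

Run against a full MBAM log, it separates the one item that matters for re-infection (the AppInit_DLLs loader and its DLL) from the cosmetic lockouts, and the "still active until reboot" list is the reason MBAM's reboot prompt is not optional: until the restart, credssp32.dll is still registered and still loaded.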
phk30 (Member), 10 August 2009 at 23:10
I can no longer open Internet Explorer or Mozilla; a window says "attempted an unauthorised operation on a registry key marked for deletion" in C:\Program Files\Internet Explorer\iexplore.exe. Thanks
phk30 (Member), 10 August 2009 at 23:11
This was after the ComboFix scan, of course.
anthony5151 (Security contributor), 10 August 2009 at 23:17
Does the problem persist after restarting the computer?
Had you disabled your protection software before running ComboFix?
Can you post the ComboFix report so I can try to work out what is causing this?
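What a helper looks for when reading a ComboFix report like the one phk30 posts next, as an added example that is not part of this thread, of ComboFix, or of the helper's own tooling: in the "Reg Loading Points" section, Security Center notifications and monitoring switched off and the firewall disabled per profile; in the "Files Created" section, system+hidden files dropped into System32 and batches of same-size, random-named scripts (a dropper leaves those behind). The Python below reads those two line formats and flags them. The sample lines are copied from the report; the random-name heuristic, the size grouping and the reading of the attribute column ('s' system, 'h' hidden) are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix report posted in this thread
# (a few "Files Created" entries and a few "Reg Loading Points" entries).
COMBOFIX_SAMPLE = r"""
2009-08-10 09:04 . 2009-08-10 09:04 23 --sha-w- c:\windows\system32\edacded0.dat
2009-07-18 16:20 . 2009-07-18 16:20 1372 ----a-w- c:\windows\system32\sulXSVQZyccBbxu.vbs
2009-07-18 16:19 . 2009-07-18 16:19 1372 ----a-w- c:\windows\system32\c7SbYJf5ntITkmG.vbs
2009-07-16 22:06 . 2009-07-16 22:06 1372 ----a-w- c:\windows\system32\ZgNYNSPsBPgWW.vbs
2009-07-15 16:48 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:09 . 2009-07-15 11:09 1372 ----a-w- c:\windows\system32\DJ2IxfI.vbs
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

# <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
SCRIPT_EXTS = {"vbs", "js", "wsf", "bat", "cmd"}


def reg_int(value):
    """Normalise the two integer spellings ComboFix prints: 'dword:00000001' and '1 (0x1)'."""
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"\d+", value)
    return int(m.group()) if m else None


def looks_random(stem):
    """Mixed-case alphanumeric junk of 7+ chars (sulXSVQZyccBbxu); 't2embed' does not qualify."""
    return (len(stem) >= 7 and stem.isalnum()
            and any(c.isupper() for c in stem) and any(c.islower() for c in stem))


def audit(report):
    """Return (severity, message) findings from ComboFix file-creation and registry lines."""
    findings = []
    script_groups = defaultdict(list)  # (directory, ext, size) -> [file names]
    key = None
    for raw in report.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            directory, _, name = m["path"].rpartition("\\")
            stem, dot, ext = name.rpartition(".")
            attrs, size = m["attrs"], m["size"]
            # 's' (system) and 'h' (hidden) in the attribute block: unusual for a fresh file
            if directory.lower().endswith("\\system32") and "s" in attrs[:4] and "h" in attrs[:4]:
                findings.append(("review", f"system+hidden file created in System32: {m['path']}"))
            if dot and ext.lower() in SCRIPT_EXTS and looks_random(stem):
                script_groups[(directory.lower(), ext.lower(), size)].append(name)
        elif m := KEY_RE.match(line):
            key = m["key"].lower()
        elif key and (m := VALUE_RE.match(line)):
            name, val = m["name"].lower(), reg_int(m["value"])
            tail = key.rpartition("\\")[2]
            if key.endswith("security center") and name.endswith("disablenotify") and val == 1:
                findings.append(("tamper", f"Security Center alert suppressed: {m['name']}"))
            elif "security center\\monitoring" in key and name == "disablemonitoring" and val == 1:
                findings.append(("tamper", f"Security Center monitoring disabled: {tail}"))
            elif "firewallpolicy\\" in key and name == "enablefirewall" and val == 0:
                findings.append(("tamper", f"Windows Firewall off for {tail}"))
    # Several same-size, random-named scripts in one system directory is dropper behaviour.
    for (directory, ext, size), names in script_groups.items():
        if len(names) >= 2:
            findings.append(("dropper",
                             f"{len(names)} random-named .{ext} files of {size} bytes in {directory}: "
                             + ", ".join(names)))
    return findings


if __name__ == "__main__":
    for severity, message in audit(COMBOFIX_SAMPLE):
        print(f"{severity:<8} {message}")
```

One caveat for the "tamper" hits: a third-party security suite legitimately writes its own Security Center\Monitoring\<Product> keys and can set the DisableNotify values to take over alerting, so on a machine that has had Symantec, Spyware Doctor and Avira on it at various times, confirm which product set each value before deciding it was the malware; what should not be ignored is "EnableFirewall = 0" on a profile with no other firewall active.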
phk30 (Member), 10 August 2009 at 23:26
I GOT SCARED. Here's the report, with everything disabled:
ComboFix 09-08-10.01 - Galdeano 10/08/2009 22:54.2.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1742 [GMT 2:00]
Running from: c:\users\Galdeano\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Galdeano\AppData\Local\temp
2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-10 21:02 . 2009-08-10 21:02 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\users\Galdeano\AppData\Roaming\Malwarebytes
2009-08-10 20:15 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 20:15 . 2009-08-10 20:15 -------- d-----w- c:\programdata\Malwarebytes
2009-08-10 20:15 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 19:12 . 2009-08-10 19:20 -------- d-----w- C:\Lop SD
2009-08-10 09:29 . 2009-08-10 09:28 404225 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-10 09:29 . 2009-08-10 09:28 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-08-10 09:29 . 2009-04-17 15:07 87297 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-08-10 09:29 . 2009-03-03 09:21 9985 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-08-10 09:29 . 2009-02-24 11:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-08-10 09:29 . 2009-02-17 12:49 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-08-10 09:29 . 2008-10-20 06:38 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-10 09:26 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-10 09:26 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-10 09:26 . 2009-08-10 09:26 -------- d-----w- c:\programdata\Avira
2009-08-10 09:26 . 2009-08-10 09:26 -------- d-----w- c:\program files\Avira
2009-08-10 09:04 . 2009-08-10 09:04 23 --sha-w- c:\windows\system32\edacded0.dat
2009-08-09 23:56 . 2009-08-10 14:08 266012242 ----a-w- C:\Sauv.reg
2009-08-09 19:47 . 2009-08-09 19:47 -------- d-----w- C:\UAC
2009-08-09 19:42 . 2009-08-10 14:08 -------- d-----w- c:\program files\Trend Micro
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\program files\CCleaner
2009-08-03 17:15 . 2009-08-03 17:15 4096 ----a-w- c:\windows\d3dx.dat
2009-08-03 17:15 . 2009-08-03 17:39 -------- d-----w- c:\programdata\airportmania
2009-08-03 17:15 . 2009-08-03 17:15 -------- d-----w- c:\users\Chris\AppData\Roaming\Zylom
2009-08-03 17:12 . 2009-08-03 17:12 -------- d-----w- c:\programdata\Zylom
2009-08-03 17:12 . 2006-09-26 11:03 98304 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-08-03 17:12 . 2006-09-26 11:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-08-03 17:12 . 2009-08-03 19:24 -------- d-----w- c:\program files\Zylom Games
2009-07-24 14:55 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-24 14:55 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-24 14:55 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-24 14:55 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-24 14:55 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-24 14:55 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-24 14:55 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-24 14:48 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-24 14:48 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-24 14:48 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-24 14:48 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-24 14:47 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-23 22:50 . 2008-06-05 16:18 5737 ----a-w- c:\users\Galdeano\AppData\Local\gnc.exe
2009-07-23 22:20 . 2009-07-23 22:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 22:11 . 2009-08-09 15:52 521 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-07-23 20:55 . 2009-08-10 15:28 -------- d-----w- c:\windows\BDOSCAN8
2009-07-23 18:53 . 2009-07-23 18:53 -------- d-----w- c:\program files\Conduit
2009-07-23 18:53 . 2009-07-23 18:54 -------- d-----w- c:\program files\Softonic_France_FF
2009-07-23 18:53 . 2009-07-16 12:05 52224 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\g05o292w.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components\FFExternalAlert.dll
2009-07-23 18:53 . 2009-07-16 12:05 114688 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\g05o292w.default\extensions\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}\components\npmozax.dll
2009-07-23 18:50 . 2009-07-23 18:50 -------- d-----w- c:\users\Chris\AppData\Roaming\Desktopicon
2009-07-23 18:49 . 2009-07-23 18:49 -------- d-----w- c:\program files\FreeTime
2009-07-23 15:32 . 2009-07-23 15:39 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
2009-07-22 20:06 . 2009-07-22 20:06 -------- d-----w- c:\program files\CleanUp!
2009-07-20 22:47 . 2009-07-20 22:47 -------- d-----w- c:\program files\Datel
2009-07-19 15:22 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-19 15:21 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-19 15:21 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-19 15:21 . 2009-07-19 15:24 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-19 15:21 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-19 15:21 . 2009-07-22 19:03 -------- d-----w- c:\program files\Spyware Doctor
2009-07-19 15:21 . 2009-07-19 15:21 -------- d-----w- c:\users\Chris\AppData\Roaming\PC Tools
2009-07-19 15:21 . 2009-07-19 15:21 -------- d-----w- c:\programdata\PC Tools
2009-07-18 17:19 . 2009-07-18 17:19 -------- d-----w- c:\users\Chris\AppData\Roaming\PlayFirst
2009-07-18 17:09 . 2009-07-18 17:09 -------- d-----w- c:\users\Chris\AppData\Roaming\WildTangent
2009-07-18 16:20 . 2009-07-18 16:20 1372 ----a-w- c:\windows\system32\sulXSVQZyccBbxu.vbs
2009-07-18 16:19 . 2009-07-18 16:19 1372 ----a-w- c:\windows\system32\c7SbYJf5ntITkmG.vbs
2009-07-16 22:06 . 2009-07-16 22:06 1372 ----a-w- c:\windows\system32\ZgNYNSPsBPgWW.vbs
2009-07-15 16:48 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 16:48 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 16:48 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 16:48 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 11:09 . 2009-07-15 11:09 1372 ----a-w- c:\windows\system32\DJ2IxfI.vbs
2009-07-12 13:35 . 2009-07-12 13:58 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 20:24 . 2008-08-07 08:02 71324 ----a-w- c:\programdata\nvModes.dat
2009-08-10 18:54 . 2009-03-23 20:42 -------- d-----w- c:\programdata\Google Updater
2009-08-10 16:39 . 2008-12-07 14:43 75200 ----a-w- c:\users\Galdeano\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 11:29 . 2009-06-18 09:59 -------- d-----w- c:\program files\Circle Developeent
2009-08-10 08:52 . 2008-05-26 08:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-10 08:50 . 2008-05-26 08:05 -------- d-----w- c:\programdata\Symantec
2009-08-10 01:03 . 2009-06-18 10:00 -------- d-----w- c:\programdata\mealblahooze
2009-08-09 19:36 . 2009-07-07 17:12 -------- d-----w- c:\users\Chris\AppData\Roaming\Azureus
2009-08-09 18:56 . 2009-03-15 10:24 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
2009-08-09 18:24 . 2008-05-26 17:35 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 18:24 . 2008-05-26 17:35 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-02 19:35 . 2009-06-30 17:14 -------- d-----w- c:\program files\Vuze
2009-07-31 22:28 . 2009-05-03 16:17 -------- d-----w- c:\program files\Youtube Downloader HD
2009-07-31 01:08 . 2009-02-19 23:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 22:03 . 2009-02-09 12:38 75664 ----a-w- c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-24 14:26 . 2008-05-26 09:28 -------- d-----w- c:\programdata\Microsoft Help
2009-07-23 22:19 . 2008-05-26 09:57 -------- d-----w- c:\program files\Java
2009-07-22 20:08 . 2009-02-09 14:28 -------- d-----w- c:\users\Galdeano\AppData\Roaming\LimeWire
2009-07-22 20:08 . 2009-06-30 17:14 -------- d-----w- c:\users\Galdeano\AppData\Roaming\Azureus
2009-07-21 21:52 . 2009-07-30 22:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-30 22:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-30 22:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-30 22:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 10:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 18:21 . 2009-06-18 09:59 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-14 11:16 . 2009-06-14 18:06 680 ----a-w- c:\users\Galdeano\AppData\Local\d3d9caps.dat
2009-07-09 20:30 . 2009-07-09 20:30 1878984 ----a-w- c:\users\Galdeano\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-01 10:22 . 2009-03-22 15:53 -------- d-----w- c:\programdata\CanonIJPLM
2009-07-01 10:16 . 2009-04-11 13:17 -------- d-----w- c:\program files\Safari
2009-07-01 10:11 . 2009-07-01 10:10 -------- d-----w- c:\program files\iTunes
2009-07-01 10:10 . 2009-07-01 10:10 -------- d-----w- c:\program files\iPod
2009-07-01 10:10 . 2009-03-03 16:26 -------- d-----w- c:\program files\Common Files\Apple
2009-07-01 10:07 . 2009-07-01 10:06 -------- d-----w- c:\program files\QuickTime
2009-07-01 09:56 . 2009-07-01 09:56 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-30 17:15 . 2009-06-30 17:15 -------- d-----w- c:\programdata\Azureus
2009-06-18 12:55 . 2009-06-18 12:55 -------- d-----w- c:\programdata\Messenger Plus!
2009-06-18 09:56 . 2009-06-18 09:56 0 ----a-w- c:\windows\nsreg.dat
2009-06-16 13:04 . 2009-06-16 13:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-15 08:30 . 2009-06-15 08:30 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA78E.tmp.exe
2009-06-12 01:09 . 2008-05-26 09:05 -------- d-----w- c:\program files\Microsoft Works
2009-03-31 20:47 . 2009-06-18 09:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-07-15 08:09 2224152 ----a-w- c:\program files\Softonic_France_FF\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-07-15 2224152]
[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF\tbSoft.dll" [2009-07-15 2224152]
[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-23 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Galdeano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Galdeano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{63FC0E32-44A3-4668-9819-DA27EB62692A}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1E6979A3-3BDF-4DD7-B94B-EC7DE0004C4A}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{759D2343-1D58-47DE-ADB8-46C43FA825E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31BF0BE5-F768-4AD3-818A-204C2F878DC1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1F7EDD56-E6C2-4F9D-9CC7-445678D6E318}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{3351A1A5-4720-42F5-A517-A6597EEABCB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1C200367-AC15-4425-8497-434A015A20C8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19D1BD83-6606-4155-89BE-3F430C5DF4A9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0CFE5DE5-8944-48DF-84E9-813D448CBDE7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F3D8FB44-2BCA-4B29-B88F-8040E5F0520B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7DA5AC63-2CF2-4F26-AC8E-18D38077CAF2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FB36B454-B273-4206-AD5A-F6A093FFBA78}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{212856A8-99EF-4DE3-A7F2-610CC590D9D5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9CC6250B-416D-490B-B15C-30835FF153F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3B06DA3C-A5E2-4EEA-B542-1BB8DA8AF7F6}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{9A3DFADF-ED25-4DFB-A142-5C597C6DC36A}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
"{8A013790-CE75-4360-AB83-8E300BA8FD33}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{AB8E3F88-8B7F-4D59-84AB-DB67CFA6DF50}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19/07/2009 17:21 130936]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/08/2009 11:26 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [26/05/2008 11:52 361808]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [03/05/2008 14:39 42528]
S2 gupdate1c9abf7f7465800;Service Google Update (gupdate1c9abf7f7465800);c:\program files\Google\Update\GoogleUpdate.exe [23/03/2009 22:42 133104]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/05/2008 10:32 193840]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [20/02/2009 01:30 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19/07/2009 17:21 348752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-08-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:41]
2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]
2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]
2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000Core.job
- c:\users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 08:00]
2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1000UA.job
- c:\users\Galdeano\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 08:00]
2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 08:00]
2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424694559-391544997-3858417649-1002UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-03 08:00]
2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{50A94D73-4F1F-4EAA-81E9-A45AF48AF528}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{DF45F308-4470-4E68-890F-640EBF9D60A3}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\Galdeano\AppData\Roaming\Mozilla\Firefox\Profiles\eymq5rs6.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 23:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP000000715A326BE0EBC629D0 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
Completion time: 2009-08-10 23:05
ComboFix-quarantined-files.txt 2009-08-10 21:05
ComboFix2.txt 2009-08-10 20:46
Pre-Run: 78 511 185 920 octets libres
Post-Run: 78 468 538 368 octets libres
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
493 --- E O F --- 2009-08-07 13:27
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 23:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP000000715A326BE0EBC629D0 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\ATPUD]
@DACL=(02 0000)
"ATPUD"=hex:02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Blst]
@DACL=(02 0000)
"FLAG"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\CSD]
@DACL=(02 0000)
"EnableKmixer"=hex:01,00,00,00
"KMixerDataInitialDelay"=hex:0d,00,00,00
"KMixerSpkpInitialDelay"=hex:0c,00,00,00
"MaxSampleValue"=hex:e8,03,00,00
"UnMuteTimerDuration"=hex:d0,07,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\DspInfo]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\EnableCallerID]
@DACL=(02 0000)
"1"="at+vcid=1<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]
@DACL=(02 0000)
"1"="ATH<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\OEM]
@DACL=(02 0000)
"SREGS"=hex:00,00,2b,0d,0a,08,04,32,02,06,0e,5f,32,ff,8a,00,00,00,00,00,00,34,
77,37,00,05,01,49,00,00,00,06,11,13,ff,ff,07,00,14,03,00,05
"AT+MS"=hex:5c,00,00,00,01,00,00,00,4b,00,00,00,80,bb,00,00,4b,00,00,00,c0,da,
00,00
"TONEPARAMS"=hex:4c,04,14,00,0a,00,00,00,cc,ff,cc,ff,04,00,00,00,2c,01,00,00,
2c,01,00,00,34,08,28,00,0a,00,00,00,cc,ff,cc,ff,0e,00,00,00,32,00,00,00,32,\
"CONSTTONEPARAMS"=hex:b1,08,3c,00,0a,00,00,00,cc,ff,cc,ff,02,00,00,00,32,00,00,
00,32,00,00,00,34,08,32,00,32,00,00,00,cc,ff,cc,ff,03,00,00,00,64,00,00,00,\
"V25TER"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,c1,00,00,00,00,00,00,00,22,\
"FLAGS"=hex:02,07,00,08,08,00,00,00
"SPKR_MUTE_DELAY"=hex:2c,01
"OFF_HOOK_CONVERGENCE_DURATION"=hex:c8,00
"AT_MISC_DEF"=hex:02,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00
"VOLUME_AMPLIFICATION_PARMS"=hex:00,00,00,00,fa,ff,ff,ff,18,00,00,00
"CADENCE"=hex:01,2c,01,00,00,ee,02,00,00,d0,07,00,00,80,0c,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,2c,01,00,00
"PROPERTIES"=hex:ff,ff,ff,ff
"MOD_THRESHOLD"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"CSA_FLAGS"=hex:00,00,00,00
"DAAType"=hex:01
"SmartDAAParams"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,00,
00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,13,\
"SmartDAAParamsK3"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,
00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,\
"SmartDAAParamsHal"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,
00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,06,08,12,16,1e,06,0c,\
"DTMF_COMP_LEVEL"=hex:17,00,00,00,15,00,00,00,14,00,00,00,12,00,00,00,0b,00,00,
00,08,00,00,00,04,00,00,00,00,00,00,00
"HwData"=hex:00,10,00,30,01,80,10,00
"DLG_PARAMS"=hex:01,00,00,00,00
"HANDSET_PARAMS"=hex:00,00,ff,ff,ff
"WOR"=hex:00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff
"DC_CALC_PARAMS"=hex:2c,01,00,00,00,04,00,00,00,00,00,00
"CPU_FREQ_CHANGE"=hex:00,00,00,00,00,00,00,00
"CPU_FREQ_CHANGE_REVB"=hex:00,00,00,00,00,00,00,00
"FAX_PRE_LOAD_DELAY"=hex:08,00,00,00
"CONTROLLER_THREAD_TIMER_RESOLUTION_EC_CONNECTED"=hex:0a
"SOFT_RING_PARAMS"=hex:00,00,b9,0b,b8,0b,00,00,49,71,48,71,01,00,d8,59,a0,0f,
00,00,30,75,b8,0b
"JCID_RING"=hex:32,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Profile]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Region]
@DACL=(02 0000)
"Current"=hex:ff,00
"Previous"=hex:ff,00
"COPY_CTY"=hex:00,00,00,00
"RegionList"=hex:ff,fe,7f,fe,ff,ff,ff,7f,fb,fb,ff,df,ff,ff,ff,ff,ff,ff,dd,ff,
ff,ff,ff,ff,be,ff,ff,ff,ff,fd,bf,5f
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\SdkCapable]
@DACL=(02 0000)
"Type"=hex:00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]
@DACL=(02 0000)
"Prefix"="AT"
"Terminator"="<cr>"
"DialPrefix"="D"
"DialSuffix"=";"
"SpeakerVolume_Low"="L1"
"SpeakerVolume_Med"="L2"
"SpeakerVolume_High"="L3"
"SpeakerMode_Off"="M0"
"SpeakerMode_Dial"="M1"
"SpeakerMode_On"="M2"
"SpeakerMode_Setup"="M3"
"FlowControl_Off"="+IFC=0,0;"
"FlowControl_Hard"="+IFC=2,2;"
"FlowControl_Soft"="+IFC=1,1;"
"Pulse"="P"
"Tone"="T"
"Blind_Off"="X4"
"Blind_On"="X3"
"CallSetupFailTimer"="S7=<#>"
"ErrorControl_On"="+ES=3,0,2;"
"ErrorControl_Off"="+ES=1,0,1;"
"ErrorControl_Forced"="+ES=3,2,4;"
"Compression_On"="+DS=3;+DS44=3;"
"Compression_Off"="+DS=0;+DS44=0;"
"InactivityTimeout"="S30=<#>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\V92]
@DACL=(02 0000)
"QC_CONF"=hex:01,01,01,01
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Clients]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Fax]
@DACL=(02 0000)
"CL1FCS"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup]
@DACL=(02 0000)
"1"="ATH<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="AT&F<cr>"
"3"="ATV1E0S0=0&D2&C1<cr>"
"4"="AT+CMEE=1<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings]
@DACL=(02 0000)
"FlowControl_Hard"="+IFC=2,2;"
"FlowControl_Off"="+IFC=0,0;"
"FlowControl_Soft"="+IFC=1,1;"
"CompatibilityFlags"=hex:01,00,00,00
"CallSetupFailTimer"="S7=<#>"
"DialPrefix"="D"
"DialSuffix"=";"
"Prefix"="AT"
"Terminator"="<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Answer]
@DACL=(02 0000)
"1"="ATA<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Clients]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Fax]
@DACL=(02 0000)
"CL1FCS"="2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Hangup]
@DACL=(02 0000)
"1"="ATHE1<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Init]
@DACL=(02 0000)
"1"="AT<cr>"
"2"="ATE0V1&D2&C1S0=0<cr>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Monitor]
@DACL=(02 0000)
"1"="ATS0=0<cr>"
"2"="None"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Settings]
@DACL=(02 0000)
"Prefix"="AT"
"Terminator"="<cr>"
"DialPrefix"="D"
"DialSuffix"=""
"Pulse"="P"
"Tone"="T"
"CallSetupFailTimer"="S7=<#>"
.
Completion time: 2009-08-10 23:05
ComboFix-quarantined-files.txt 2009-08-10 21:05
ComboFix2.txt 2009-08-10 20:46
Pre-Run: 78 511 185 920 bytes free
Post-Run: 78 468 538 368 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
493 --- E O F --- 2009-08-07 13:27
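The log above has three places a helper reads first: the 'Scheduled Tasks' section (each .job line followed by the binary it launches), the catchme block (files the rootkit scanner found hidden from the Win32 API, here one 524288-byte executable in c:\windows\TEMP), and the Firefox prefs.js lines (keyword.URL and the selected search engine, here pointing at the Ask toolbar). The script below is an added example of triaging those sections automatically; it is not part of the thread and not ComboFix or catchme code. It assumes the ComboFix layout shown in the post, re-fangs the hxxp:// prefix ComboFix writes, and uses two heuristics that are assumptions rather than verdicts: a task whose target lives under a temp folder, and a keyword.URL host outside a small assumed allowlist of search engines. The sample log is constructed; the At1.job line pointing into c:\windows\temp is invented so the heuristic has something to fire on, and every hidden executable is reported for manual review rather than declared malicious.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the layout ComboFix uses. The Google task, the Firefox
# prefs and the catchme entry mirror the thread's log; the At1.job task is
# invented to show the temp-folder heuristic firing.
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder
2009-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 20:42]
2009-08-10 c:\windows\Tasks\At1.job
- c:\windows\temp\svchost.exe [2009-08-09 03:12]
.
------- Supplementary Scan -------
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scanning hidden files ...
c:\windows\TEMP\TMP000000715A326BE0EBC629D0 524288 bytes executable
scan completed successfully
hidden files: 1
"""

TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (c:\\windows\\tasks\\[^\r\n]+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")
HIDDEN_RE = re.compile(r"^(c:\\.+?) (\d+) bytes executable$", re.I)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")

# Assumed allowlist: search hosts we would not report. Anything else gets a finding.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.google.fr", "search.yahoo.com"}


@dataclass
class Task:
    job: str
    target: str
    target_stamp: str


@dataclass
class HiddenFile:
    path: str
    size: int


@dataclass
class Finding:
    kind: str
    detail: str


def parse_scheduled_tasks(log: str) -> list[Task]:
    """Pair each '<date> <job>' line with the '- <target> [<stamp>]' line under it."""
    lines = log.splitlines()
    tasks = []
    for i, line in enumerate(lines):
        m = TASK_RE.match(line)
        if not m or i + 1 >= len(lines):
            continue
        t = TARGET_RE.match(lines[i + 1])
        if t:
            tasks.append(Task(m.group(1), t.group(1), t.group(2)))
    return tasks


def parse_hidden_files(log: str) -> list[HiddenFile]:
    """Collect the file lines catchme prints between 'scanning hidden files' and 'scan completed'."""
    out, inside = [], False
    for line in log.splitlines():
        if line.startswith("scanning hidden files"):
            inside = True
        elif line.startswith("scan completed"):
            inside = False
        elif inside:
            m = HIDDEN_RE.match(line)
            if m:
                out.append(HiddenFile(m.group(1), int(m.group(2))))
    return out


def parse_firefox_prefs(log: str) -> dict[str, str]:
    """Turn the 'FF - prefs.js: <name> - <value>' lines into a dict."""
    return {m.group(1): m.group(2) for m in map(FF_PREF_RE.match, log.splitlines()) if m}


def in_temp_dir(path: str) -> bool:
    """Heuristic (assumption): any directory component named temp/tmp, e.g. c:\\windows\\temp."""
    return any(part in ("temp", "tmp") for part in path.lower().split("\\")[:-1])


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so the log is not clickable; undo that to parse the host."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def triage(log: str) -> list[Finding]:
    """Apply the heuristics to one log and return the items a helper should look at."""
    findings = []
    for task in parse_scheduled_tasks(log):
        if in_temp_dir(task.target):
            findings.append(Finding("task-in-temp", f"{task.job} runs {task.target}"))
    for hf in parse_hidden_files(log):
        # Hidden from the API is a reason to inspect the file, not proof it is malware.
        findings.append(Finding("hidden-executable", f"{hf.path} ({hf.size} bytes)"))
    url = parse_firefox_prefs(log).get("keyword.URL")
    if url:
        host = urlparse(refang(url)).hostname or ""
        if host not in EXPECTED_SEARCH_HOSTS:
            findings.append(Finding("search-redirect", f"keyword.URL sends address-bar searches to {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run it on a saved C:\ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the allowlist and the temp-folder rule are the two knobs to adjust for a given machine, and a hidden-executable finding is the cue to upload the file to a multi-engine scanner before deciding anything.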
phk30 - 12 August 2009 at 00:00
Good evening, should I open another help request on the forum please? Thank you, see you soon.