Virus JS:FakeAV-S [Trj] - Page 2

Précédent
  • 1
  • 2
  1. Utilisateur anonyme
     
    Juste une derniere chose pour vérifier.Je pense que tu es toujours infecté.
    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    /!\ Désactive tous tes logiciels de protection /!\

    • Télécharge combofix(de sUBs) sur ton Bureau.
    • Double-clique sur ComboFix.exe afin de le lancer.
    • Il va te demander d'installer la console de récupération : accepte.
    • Ne touche à rien pendant le scan.
    • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Fermez ou désactivez tous les programmes Antivirus, Antispyware, Pare-feu actifs ,Teatimer de Spybot car ils pourraient perturber le fonctionnement de cet outil
    * Pour cela, faites un clic droit sur l'icône de l'antivirus en bas à droite à côté de l'horloge puis Disable Guard ou Shield ou Résident...
    Pour éviter leur réactivation après un redémarrage, décochez les dans les options de démarrage ->Msconfig
    Si vous utilisez Spybot
    Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!
    Afficher d'abord le Mode Avancé dans Spybot
    ->Options Avancées :
    - >menu Mode, Mode Avancé.
    Une colonne de menus apparaît dans la partie gauche :
    - >cliquer sur Outils,
    - >cliquer sur Résident,
    Dans Résident :
    - >décocher Résident "TeaTimer" pour le désactiver.

    0
  2. Caro
     
    Ok. Alors j'ai essayé sauf qu'il ne veut pas s'installer car il m'indique un message d'erreur (en anglais) "vous ne pouvez pas renommer conbofix par combofix[1], veuillez utiliser des caractères alphanumériques".

    Que faire?
    0
  3. Utilisateur anonyme
     
    C'est l'infection qui le bloque.Renommes combofix en ccm et éxécute le en mode sans échec.
    Redémarre en mode sans échec
    (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
    Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent.

    0
  4. Caro
     
    Ok je vois comment démarrer en mode sans échec mais je n'ai pas bien compris comment faire pour :
    - renommer combofix en ccm
    - éxécuter combofix le en mode sans échec

    (excuse-moi pour ma réponse tardive; je me faisais débloquer un torticolis... les galères continuent!)

    Merci pour ta patience!
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Va dans le dossier de réception de tes téléchargement et tu va sur le logo combofix.Tu clic droite dessus et tu clic sur renommer.Maintenant tu le renommes ccm.exe
    Ensuite tu redémarres en mode sans échec et tu clic sur le logo ccm.exe
    Au final post le rapport.a+
    0
  7. Caro
     
    Voici le rapport :

    ComboFix 09-08-27.02 - Caro 27/08/2009 23:12.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2972.1934 [GMT 2:00]
    Running from: c:\users\Caro\Downloads\ccm.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1806630246-3167636288-2817179115-500
    c:\$recycle.bin\S-1-5-21-4118126451-3013633870-3493635313-500
    c:\program files\DDnsFilter
    c:\program files\DDnsFilter\ddnsfilter.dll
    c:\windows\0101120101464854.xe
    c:\windows\0101120101464857.xe
    c:\windows\0101120101464950.xe
    c:\windows\01011201014650120.xe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SfX

    ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
    .

    2009-08-27 21:18 . 2009-08-27 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-27 14:15 . 2009-08-27 14:39 -------- d-----w- c:\users\Caro\DoctorWeb
    2009-08-27 13:00 . 2009-08-27 13:00 -------- d-----w- C:\Genproc
    2009-08-27 12:08 . 2009-08-27 12:08 -------- d-----w- C:\_OTM
    2009-08-27 11:55 . 2009-08-27 13:37 -------- d-----w- c:\program files\trend micro
    2009-08-27 11:55 . 2009-08-27 11:55 -------- d-----w- C:\rsit
    2009-08-27 10:46 . 2009-08-27 13:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-08-27 10:08 . 2009-08-27 10:11 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\users\Caro\AppData\Roaming\Yahoo!
    2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\program files\Yahoo!
    2009-08-26 21:46 . 2009-08-26 21:46 0 ----a-w- c:\windows\nsreg.dat
    2009-08-26 21:46 . 2009-08-26 21:46 -------- d-----w- c:\users\Caro\AppData\Local\Mozilla
    2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\users\Caro\AppData\Roaming\Malwarebytes
    2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\programdata\Malwarebytes
    2009-08-26 13:01 . 2009-08-26 13:09 6176 ----a-w- c:\windows\ex1234.dat
    2009-08-26 12:52 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-26 12:42 . 2009-08-26 12:42 1 ----a-w- c:\windows\ectbbyn.dat
    2009-08-26 12:41 . 2009-08-26 12:41 1 ---h--w- c:\windows\ex23567.dat
    2009-08-26 09:49 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-26 09:49 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-24 13:01 . 2009-08-24 13:01 -------- d-----w- c:\program files\Canal+
    2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\users\Caro\AppData\Local\Downloaded Installations
    2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-08-19 00:14 . 2009-08-19 00:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-08-19 00:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-08-19 00:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-19 00:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-08-19 00:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-08-19 00:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-08-19 00:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-08-19 00:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-08-18 23:59 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-08-18 23:59 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-08-18 23:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-08-18 23:59 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-08-18 23:59 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-08-17 12:08 . 2009-08-17 12:08 -------- d-----w- c:\program files\Audacity
    2009-08-17 12:08 . 2009-08-27 18:15 680 ----a-w- c:\users\Caro\AppData\Local\d3d9caps.dat
    2009-08-17 12:00 . 2009-08-24 21:54 -------- d-----w- c:\users\Caro\AppData\Roaming\vlc
    2009-08-17 11:59 . 2009-08-17 11:59 -------- d-----w- c:\program files\VideoLAN
    2009-08-17 11:58 . 2009-08-17 11:58 -------- d-----w- c:\program files\uTorrent
    2009-08-17 11:57 . 2009-08-26 16:14 -------- d-----w- c:\users\Caro\AppData\Roaming\uTorrent
    2009-08-17 11:48 . 2009-08-17 11:48 1961720 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-08-17 11:39 . 2009-08-27 21:20 -------- d-----w- c:\users\Caro\Tracing
    2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Roaming\Apple Computer
    2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Local\Apple Computer
    2009-08-17 11:32 . 2009-08-17 11:32 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-08-17 11:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-17 11:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\iPod
    2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\program files\iTunes
    2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\Bonjour
    2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\QuickTime
    2009-08-17 11:30 . 2009-08-17 11:31 -------- d-----w- c:\programdata\Apple Computer
    2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\users\Caro\AppData\Local\Apple
    2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\program files\Apple Software Update
    2009-08-17 11:28 . 2009-08-17 11:31 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-17 11:28 . 2009-08-17 11:28 -------- d-----w- c:\programdata\Apple
    2009-08-17 11:05 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 11:05 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 11:05 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 11:05 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 11:05 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-17 11:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 11:05 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-08-17 11:05 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-08-17 11:05 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
    2009-08-17 11:05 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
    2009-08-17 11:05 . 2009-08-17 11:05 -------- d-----w- c:\program files\Alwil Software
    2009-08-17 10:51 . 2009-08-17 11:52 -------- d-----w- c:\users\Caro\AppData\Local\Adobe
    2009-08-17 10:48 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
    2009-08-17 10:47 . 2009-08-17 10:47 -------- d-----w- c:\users\Caro\AppData\Roaming\Nero
    2009-08-17 10:45 . 2009-08-17 10:39 -------- d-----w- c:\users\Caro\AppData\Local\Google
    2009-08-17 10:45 . 2009-08-17 10:58 71400 ----a-w- c:\users\Caro\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-17 10:45 . 2009-08-17 10:52 -------- d-----w- c:\users\Caro\AppData\Local\Packard Bell
    2009-08-17 10:45 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-08-17 10:45 . 2009-08-17 12:00 -------- d-----w- c:\users\Caro\AppData\Local\VirtualStore
    2009-08-17 10:44 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-08-17 10:44 . 2009-08-17 10:44 -------- d-----w- c:\programdata\FLEXnet
    2009-08-17 10:40 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-17 10:40 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
    2009-08-17 10:40 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-17 10:40 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
    2009-08-17 10:38 . 2009-08-27 21:20 -------- d-----w- c:\users\Caro\AppData\Local\Temp
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage réseau
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage d'impression
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Mes documents
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Menu Démarrer
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\AppData\Local\Historique
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Favoris
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Bureau
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\program files\Fichiers communs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-27 21:15 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-27 21:15 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-19 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-19 00:22 . 2009-01-08 12:19 -------- d-----w- c:\program files\Microsoft Works
    2009-08-19 00:20 . 2009-01-08 12:17 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-17 17:08 . 2009-01-08 12:38 -------- d-----w- c:\programdata\Norton
    2009-08-17 10:55 . 2009-08-17 10:39 -------- d-----w- c:\program files\EasyBits For Kids
    2009-08-17 10:54 . 2009-01-08 12:25 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-17 10:46 . 2009-08-17 10:46 0 ----a-w- c:\users\Caro\AppData\Roaming\wklnhst.dat
    2009-08-17 10:39 . 2009-08-17 10:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-08-17 10:39 . 2009-08-17 10:39 8164 ----a-w- c:\windows\system32\ezdigsgn.dat
    2009-08-17 10:39 . 2009-01-08 19:49 -------- d-----w- c:\program files\PACKARD BELL
    2009-08-17 10:39 . 2009-08-17 10:39 91136 ----a-w- c:\windows\system32\ezUninst.exe
    2009-08-17 10:39 . 2009-08-17 10:39 49152 ----a-w- c:\windows\system32\ezUPBHook.dll
    2009-08-17 10:39 . 2009-08-17 10:39 268288 ----a-w- c:\windows\system32\ezSetup.exe
    2009-08-17 10:39 . 2009-08-17 10:39 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
    2009-08-17 10:39 . 2009-08-17 10:39 111104 ----a-w- c:\windows\system32\ezShellStart.exe
    2009-08-17 10:39 . 2009-01-08 12:24 -------- d-----w- c:\program files\Google
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
    2009-07-18 16:06 . 2009-08-17 10:49 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 16:01 . 2009-08-17 10:49 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 09:46 . 2009-08-17 10:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 14:35 . 2009-08-17 10:48 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 13:00 . 2009-08-17 10:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 12:59 . 2009-08-17 10:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-14 12:58 . 2009-08-17 10:48 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-14 10:59 . 2009-08-17 10:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-06-15 18:20 . 2009-08-17 10:49 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-15 15:24 . 2009-08-17 10:49 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-15 15:24 . 2009-08-17 10:48 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 15:24 . 2009-08-17 10:49 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-06-15 15:24 . 2009-08-17 10:49 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-06-15 15:23 . 2009-08-17 10:49 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-15 15:22 . 2009-08-17 10:49 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-15 15:21 . 2009-08-17 10:49 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-15 15:20 . 2009-08-17 10:48 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 15:20 . 2009-08-17 10:48 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-06-15 12:57 . 2009-08-17 10:49 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-06-15 12:52 . 2009-08-17 10:48 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-06-10 12:12 . 2009-08-17 10:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-10 12:07 . 2009-08-17 10:48 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-04 12:34 . 2009-08-17 10:48 2066432 ----a-w- c:\windows\system32\mstscax.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 30192]
    "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9C69EB4D-6CCC-4143-9515-6F048F75216F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B1185102-107C-4A99-A17A-E69768D55422}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8FDBDFE5-3312-418E-9688-C61655939FFA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{9BEC27CC-BB2B-4A12-BCBF-1C5648C0EE3E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{EEFB39D2-1407-43FE-AE18-7729BA4597CD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{7E04D29C-164F-4A0E-BF0C-59279AC24487}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{27E29551-7837-4519-A8CB-13AE0984C8E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{1E9B3B60-1A7D-49E3-8CF3-E16A6AA0B5C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{546A28EE-725C-480A-B9CD-94DFE4F63B2C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2A26D1F9-108C-4465-98F2-2727A534BBF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{BDB77D71-AED9-4ECE-8743-EBC0B6E57986}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{0A78AEB5-6748-4427-B3FF-976E85A537D8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{3C246F5B-E7A9-4297-999B-3EB29458882D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/08/2009 13:05 114768]
    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/08/2009 13:05 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 13:05 53328]
    R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
    R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [06/06/2009 10:20 24576]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [08/01/2009 21:47 418816]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 14:24 30192]
    S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 21:47 3658752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ddnsfilter REG_MULTI_SZ ddnsfilter

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner.exe
    HKLM-Run-eRecoveryService - (no file)

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    FF - ProfilePath - c:\users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\9ywea6i5.default\
    FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-27 23:20
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\System32\IoctlSvc.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\windows\System32\igfxsrvc.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-27 23:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-27 21:23

    Pre-Run: 401 011 159 040 octets libres
    Post-Run: 400 746 401 792 octets libres

    332 --- E O F --- 2009-08-27 21:02
    0
  8. Utilisateur anonyme
     
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    " ddnsfilter"=-

    * Copie le texte sélectionné ci-dessus (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt

    Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement .

    Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton Bureau)
    comme ceci
    * Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.

    * Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal

    Ne touche à rien tant que le scan n'est pas terminé.

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu .

    0
  9. Caro
     
    Bonjour,

    Une petite question : dois-je executer combofix (qui s'appelle désormais ccm.exe) avant de faire gliser le CFScript?
    0
  10. Utilisateur anonyme
     
    Tres bonne question:)
    Pour toi se seras ccm.exe puisque tu la renommé
    0
  11. Caro
     
    Donc je l'execute avant de faire glisser CFScipt?
    0
  12. Utilisateur anonyme
     
    Le fait de faire glisser le script vers combofix le programme s'éxécute automatiquement.
    0
  13. Caro
     
    Voici le rapport (je n'ai pas eu à taper 1 to continue, il ne me la pas proposer) :

    ComboFix 09-08-27.02 - Caro 28/08/2009 12:13.2.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2972.1756 [GMT 2:00]
    Running from: c:\users\Caro\Downloads\ccm.exe
    Command switches used :: c:\users\Caro\Downloads\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
    .

    2009-08-28 10:18 . 2009-08-28 10:18 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-08-28 10:18 . 2009-08-28 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-27 14:15 . 2009-08-27 14:39 -------- d-----w- c:\users\Caro\DoctorWeb
    2009-08-27 13:00 . 2009-08-27 13:00 -------- d-----w- C:\Genproc
    2009-08-27 12:08 . 2009-08-27 12:08 -------- d-----w- C:\_OTM
    2009-08-27 11:55 . 2009-08-27 13:37 -------- d-----w- c:\program files\trend micro
    2009-08-27 11:55 . 2009-08-27 11:55 -------- d-----w- C:\rsit
    2009-08-27 10:46 . 2009-08-27 13:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-08-27 10:08 . 2009-08-27 10:11 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\users\Caro\AppData\Roaming\Yahoo!
    2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\program files\Yahoo!
    2009-08-26 21:46 . 2009-08-26 21:46 0 ----a-w- c:\windows\nsreg.dat
    2009-08-26 21:46 . 2009-08-26 21:46 -------- d-----w- c:\users\Caro\AppData\Local\Mozilla
    2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\users\Caro\AppData\Roaming\Malwarebytes
    2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\programdata\Malwarebytes
    2009-08-26 13:01 . 2009-08-26 13:09 6176 ----a-w- c:\windows\ex1234.dat
    2009-08-26 12:52 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-26 12:42 . 2009-08-26 12:42 1 ----a-w- c:\windows\ectbbyn.dat
    2009-08-26 12:41 . 2009-08-26 12:41 1 ---h--w- c:\windows\ex23567.dat
    2009-08-26 09:49 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-26 09:49 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-24 13:01 . 2009-08-24 13:01 -------- d-----w- c:\program files\Canal+
    2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\users\Caro\AppData\Local\Downloaded Installations
    2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-08-19 00:14 . 2009-08-19 00:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-08-19 00:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-08-19 00:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-19 00:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-08-19 00:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-08-19 00:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-08-19 00:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-08-19 00:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-08-18 23:59 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-08-18 23:59 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-08-18 23:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-08-18 23:59 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-08-18 23:59 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-08-17 12:08 . 2009-08-17 12:08 -------- d-----w- c:\program files\Audacity
    2009-08-17 12:08 . 2009-08-27 18:15 680 ----a-w- c:\users\Caro\AppData\Local\d3d9caps.dat
    2009-08-17 12:00 . 2009-08-24 21:54 -------- d-----w- c:\users\Caro\AppData\Roaming\vlc
    2009-08-17 11:59 . 2009-08-17 11:59 -------- d-----w- c:\program files\VideoLAN
    2009-08-17 11:58 . 2009-08-17 11:58 -------- d-----w- c:\program files\uTorrent
    2009-08-17 11:57 . 2009-08-26 16:14 -------- d-----w- c:\users\Caro\AppData\Roaming\uTorrent
    2009-08-17 11:48 . 2009-08-17 11:48 1961720 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-08-17 11:39 . 2009-08-28 09:08 -------- d-----w- c:\users\Caro\Tracing
    2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Roaming\Apple Computer
    2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Local\Apple Computer
    2009-08-17 11:32 . 2009-08-17 11:32 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-08-17 11:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-17 11:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\iPod
    2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\program files\iTunes
    2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\Bonjour
    2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\QuickTime
    2009-08-17 11:30 . 2009-08-17 11:31 -------- d-----w- c:\programdata\Apple Computer
    2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\users\Caro\AppData\Local\Apple
    2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\program files\Apple Software Update
    2009-08-17 11:28 . 2009-08-17 11:31 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-17 11:28 . 2009-08-17 11:28 -------- d-----w- c:\programdata\Apple
    2009-08-17 11:05 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 11:05 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 11:05 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 11:05 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 11:05 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-17 11:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 11:05 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-08-17 11:05 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-08-17 11:05 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
    2009-08-17 11:05 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
    2009-08-17 11:05 . 2009-08-17 11:05 -------- d-----w- c:\program files\Alwil Software
    2009-08-17 10:51 . 2009-08-17 11:52 -------- d-----w- c:\users\Caro\AppData\Local\Adobe
    2009-08-17 10:48 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
    2009-08-17 10:47 . 2009-08-17 10:47 -------- d-----w- c:\users\Caro\AppData\Roaming\Nero
    2009-08-17 10:45 . 2009-08-17 10:39 -------- d-----w- c:\users\Caro\AppData\Local\Google
    2009-08-17 10:45 . 2009-08-17 10:58 71400 ----a-w- c:\users\Caro\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-17 10:45 . 2009-08-17 10:52 -------- d-----w- c:\users\Caro\AppData\Local\Packard Bell
    2009-08-17 10:45 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-08-17 10:45 . 2009-08-17 12:00 -------- d-----w- c:\users\Caro\AppData\Local\VirtualStore
    2009-08-17 10:44 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-08-17 10:44 . 2009-08-17 10:44 -------- d-----w- c:\programdata\FLEXnet
    2009-08-17 10:40 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-17 10:40 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
    2009-08-17 10:40 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-17 10:40 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
    2009-08-17 10:38 . 2009-08-28 10:19 -------- d-----w- c:\users\Caro\AppData\Local\Temp
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage réseau
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage d'impression
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Mes documents
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Menu Démarrer
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\AppData\Local\Historique
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Favoris
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Bureau
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\program files\Fichiers communs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-28 09:14 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-28 09:14 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-19 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-19 00:22 . 2009-01-08 12:19 -------- d-----w- c:\program files\Microsoft Works
    2009-08-19 00:20 . 2009-01-08 12:17 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-17 17:08 . 2009-01-08 12:38 -------- d-----w- c:\programdata\Norton
    2009-08-17 10:55 . 2009-08-17 10:39 -------- d-----w- c:\program files\EasyBits For Kids
    2009-08-17 10:54 . 2009-01-08 12:25 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-17 10:46 . 2009-08-17 10:46 0 ----a-w- c:\users\Caro\AppData\Roaming\wklnhst.dat
    2009-08-17 10:39 . 2009-08-17 10:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-08-17 10:39 . 2009-08-17 10:39 8164 ----a-w- c:\windows\system32\ezdigsgn.dat
    2009-08-17 10:39 . 2009-01-08 19:49 -------- d-----w- c:\program files\PACKARD BELL
    2009-08-17 10:39 . 2009-08-17 10:39 91136 ----a-w- c:\windows\system32\ezUninst.exe
    2009-08-17 10:39 . 2009-08-17 10:39 49152 ----a-w- c:\windows\system32\ezUPBHook.dll
    2009-08-17 10:39 . 2009-08-17 10:39 268288 ----a-w- c:\windows\system32\ezSetup.exe
    2009-08-17 10:39 . 2009-08-17 10:39 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
    2009-08-17 10:39 . 2009-08-17 10:39 111104 ----a-w- c:\windows\system32\ezShellStart.exe
    2009-08-17 10:39 . 2009-01-08 12:24 -------- d-----w- c:\program files\Google
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
    2009-07-18 16:06 . 2009-08-17 10:49 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 16:01 . 2009-08-17 10:49 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 09:46 . 2009-08-17 10:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 14:35 . 2009-08-17 10:48 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 13:00 . 2009-08-17 10:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 12:59 . 2009-08-17 10:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-14 12:58 . 2009-08-17 10:48 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-14 10:59 . 2009-08-17 10:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-06-15 18:20 . 2009-08-17 10:49 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-15 15:24 . 2009-08-17 10:49 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-15 15:24 . 2009-08-17 10:48 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 15:24 . 2009-08-17 10:49 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-06-15 15:24 . 2009-08-17 10:49 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-06-15 15:23 . 2009-08-17 10:49 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-15 15:22 . 2009-08-17 10:49 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-15 15:21 . 2009-08-17 10:49 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-15 15:20 . 2009-08-17 10:48 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 15:20 . 2009-08-17 10:48 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-06-15 12:57 . 2009-08-17 10:49 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-06-15 12:52 . 2009-08-17 10:48 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-06-10 12:12 . 2009-08-17 10:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-10 12:07 . 2009-08-17 10:48 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-04 12:34 . 2009-08-17 10:48 2066432 ----a-w- c:\windows\system32\mstscax.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-27_21.20.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-08-28 09:09 38506 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-08-28 09:09 69904 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-08-17 10:37 . 2009-08-28 10:12 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-08-17 10:37 . 2009-08-28 10:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-08-17 10:37 . 2009-08-27 21:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-08-17 10:37 . 2009-08-28 10:12 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-08-17 10:40 . 2009-08-28 09:09 6716 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4118126451-3013633870-3493635313-1000_UserData.bin
    + 2009-08-28 09:07 . 2009-08-28 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-08-28 09:07 . 2009-08-28 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-08-28 09:14 587178 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-08-27 21:15 587178 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-08-27 21:15 101250 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-08-28 09:14 101250 c:\windows\System32\perfc009.dat
    + 2006-11-02 12:47 . 2009-08-27 21:28 302768 c:\windows\System32\FNTCACHE.DAT
    - 2006-11-02 12:47 . 2009-08-19 09:59 302768 c:\windows\System32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 30192]
    "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9C69EB4D-6CCC-4143-9515-6F048F75216F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B1185102-107C-4A99-A17A-E69768D55422}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8FDBDFE5-3312-418E-9688-C61655939FFA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{9BEC27CC-BB2B-4A12-BCBF-1C5648C0EE3E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{EEFB39D2-1407-43FE-AE18-7729BA4597CD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{7E04D29C-164F-4A0E-BF0C-59279AC24487}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{27E29551-7837-4519-A8CB-13AE0984C8E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{1E9B3B60-1A7D-49E3-8CF3-E16A6AA0B5C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{546A28EE-725C-480A-B9CD-94DFE4F63B2C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2A26D1F9-108C-4465-98F2-2727A534BBF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{BDB77D71-AED9-4ECE-8743-EBC0B6E57986}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{0A78AEB5-6748-4427-B3FF-976E85A537D8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{3C246F5B-E7A9-4297-999B-3EB29458882D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/08/2009 13:05 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/08/2009 13:05 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 13:05 53328]
    R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
    R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [06/06/2009 10:20 24576]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [08/01/2009 21:47 418816]
    S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 14:24 30192]
    S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 21:47 3658752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ddnsfilter REG_MULTI_SZ ddnsfilter

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    FF - ProfilePath - c:\users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\9ywea6i5.default\
    FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-28 12:19
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    Completion time: 2009-08-28 12:20
    ComboFix-quarantined-files.txt 2009-08-28 10:20
    ComboFix2.txt 2009-08-27 21:24

    Pre-Run: 399 623 925 760 octets libres
    Post-Run: 399 592 411 136 octets libres

    318 --- E O F --- 2009-08-27 21:02
    0
  14. Utilisateur anonyme
     
    Refait combofix mais cette fois ci avec ce nouveau script.

    Driver::
    ddnsfilter

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "ddnsfilter"=-
    0
  15. Caro
     
    Voici le rapport :

    ComboFix 09-08-27.02 - Caro 28/08/2009 13:29.3.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2972.1901 [GMT 2:00]
    Running from: c:\users\Caro\Downloads\ccm.exe
    Command switches used :: c:\users\Caro\Downloads\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
    .

    2009-08-28 11:34 . 2009-08-28 11:34 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-08-28 11:34 . 2009-08-28 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-27 14:15 . 2009-08-27 14:39 -------- d-----w- c:\users\Caro\DoctorWeb
    2009-08-27 13:00 . 2009-08-27 13:00 -------- d-----w- C:\Genproc
    2009-08-27 12:08 . 2009-08-27 12:08 -------- d-----w- C:\_OTM
    2009-08-27 11:55 . 2009-08-27 13:37 -------- d-----w- c:\program files\trend micro
    2009-08-27 11:55 . 2009-08-27 11:55 -------- d-----w- C:\rsit
    2009-08-27 10:46 . 2009-08-27 13:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-08-27 10:08 . 2009-08-27 10:11 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\users\Caro\AppData\Roaming\Yahoo!
    2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\program files\Yahoo!
    2009-08-26 21:46 . 2009-08-26 21:46 0 ----a-w- c:\windows\nsreg.dat
    2009-08-26 21:46 . 2009-08-26 21:46 -------- d-----w- c:\users\Caro\AppData\Local\Mozilla
    2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\users\Caro\AppData\Roaming\Malwarebytes
    2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\programdata\Malwarebytes
    2009-08-26 13:01 . 2009-08-26 13:09 6176 ----a-w- c:\windows\ex1234.dat
    2009-08-26 12:52 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-26 12:42 . 2009-08-26 12:42 1 ----a-w- c:\windows\ectbbyn.dat
    2009-08-26 12:41 . 2009-08-26 12:41 1 ---h--w- c:\windows\ex23567.dat
    2009-08-26 09:49 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-26 09:49 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-24 13:01 . 2009-08-24 13:01 -------- d-----w- c:\program files\Canal+
    2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\users\Caro\AppData\Local\Downloaded Installations
    2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-08-19 00:14 . 2009-08-19 00:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-08-19 00:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-08-19 00:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-19 00:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-08-19 00:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-08-19 00:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-08-19 00:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-08-19 00:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-08-18 23:59 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-08-18 23:59 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-08-18 23:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-08-18 23:59 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-08-18 23:59 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-08-17 12:08 . 2009-08-17 12:08 -------- d-----w- c:\program files\Audacity
    2009-08-17 12:08 . 2009-08-27 18:15 680 ----a-w- c:\users\Caro\AppData\Local\d3d9caps.dat
    2009-08-17 12:00 . 2009-08-24 21:54 -------- d-----w- c:\users\Caro\AppData\Roaming\vlc
    2009-08-17 11:59 . 2009-08-17 11:59 -------- d-----w- c:\program files\VideoLAN
    2009-08-17 11:58 . 2009-08-17 11:58 -------- d-----w- c:\program files\uTorrent
    2009-08-17 11:57 . 2009-08-26 16:14 -------- d-----w- c:\users\Caro\AppData\Roaming\uTorrent
    2009-08-17 11:48 . 2009-08-17 11:48 1961720 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-08-17 11:39 . 2009-08-28 10:22 -------- d-----w- c:\users\Caro\Tracing
    2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Roaming\Apple Computer
    2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Local\Apple Computer
    2009-08-17 11:32 . 2009-08-17 11:32 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-08-17 11:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-17 11:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\iPod
    2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\program files\iTunes
    2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\Bonjour
    2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\QuickTime
    2009-08-17 11:30 . 2009-08-17 11:31 -------- d-----w- c:\programdata\Apple Computer
    2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\users\Caro\AppData\Local\Apple
    2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\program files\Apple Software Update
    2009-08-17 11:28 . 2009-08-17 11:31 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-17 11:28 . 2009-08-17 11:28 -------- d-----w- c:\programdata\Apple
    2009-08-17 11:05 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 11:05 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 11:05 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 11:05 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 11:05 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-17 11:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 11:05 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-08-17 11:05 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-08-17 11:05 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
    2009-08-17 11:05 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
    2009-08-17 11:05 . 2009-08-17 11:05 -------- d-----w- c:\program files\Alwil Software
    2009-08-17 10:51 . 2009-08-17 11:52 -------- d-----w- c:\users\Caro\AppData\Local\Adobe
    2009-08-17 10:48 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
    2009-08-17 10:47 . 2009-08-17 10:47 -------- d-----w- c:\users\Caro\AppData\Roaming\Nero
    2009-08-17 10:45 . 2009-08-17 10:39 -------- d-----w- c:\users\Caro\AppData\Local\Google
    2009-08-17 10:45 . 2009-08-17 10:58 71400 ----a-w- c:\users\Caro\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-17 10:45 . 2009-08-17 10:52 -------- d-----w- c:\users\Caro\AppData\Local\Packard Bell
    2009-08-17 10:45 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-08-17 10:45 . 2009-08-17 12:00 -------- d-----w- c:\users\Caro\AppData\Local\VirtualStore
    2009-08-17 10:44 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-08-17 10:44 . 2009-08-17 10:44 -------- d-----w- c:\programdata\FLEXnet
    2009-08-17 10:40 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-17 10:40 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
    2009-08-17 10:40 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-17 10:40 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage réseau
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage d'impression
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Mes documents
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Menu Démarrer
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\AppData\Local\Historique
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Favoris
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Bureau
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\program files\Fichiers communs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-28 10:27 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-28 10:27 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-19 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-19 00:22 . 2009-01-08 12:19 -------- d-----w- c:\program files\Microsoft Works
    2009-08-19 00:20 . 2009-01-08 12:17 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-17 17:08 . 2009-01-08 12:38 -------- d-----w- c:\programdata\Norton
    2009-08-17 10:55 . 2009-08-17 10:39 -------- d-----w- c:\program files\EasyBits For Kids
    2009-08-17 10:54 . 2009-01-08 12:25 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-17 10:46 . 2009-08-17 10:46 0 ----a-w- c:\users\Caro\AppData\Roaming\wklnhst.dat
    2009-08-17 10:39 . 2009-08-17 10:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-08-17 10:39 . 2009-08-17 10:39 8164 ----a-w- c:\windows\system32\ezdigsgn.dat
    2009-08-17 10:39 . 2009-01-08 19:49 -------- d-----w- c:\program files\PACKARD BELL
    2009-08-17 10:39 . 2009-08-17 10:39 91136 ----a-w- c:\windows\system32\ezUninst.exe
    2009-08-17 10:39 . 2009-08-17 10:39 49152 ----a-w- c:\windows\system32\ezUPBHook.dll
    2009-08-17 10:39 . 2009-08-17 10:39 268288 ----a-w- c:\windows\system32\ezSetup.exe
    2009-08-17 10:39 . 2009-08-17 10:39 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
    2009-08-17 10:39 . 2009-08-17 10:39 111104 ----a-w- c:\windows\system32\ezShellStart.exe
    2009-08-17 10:39 . 2009-01-08 12:24 -------- d-----w- c:\program files\Google
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
    2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
    2009-07-18 16:06 . 2009-08-17 10:49 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 16:01 . 2009-08-17 10:49 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 09:46 . 2009-08-17 10:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-17 14:35 . 2009-08-17 10:48 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 13:00 . 2009-08-17 10:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 12:59 . 2009-08-17 10:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-14 12:58 . 2009-08-17 10:48 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-14 10:59 . 2009-08-17 10:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-06-15 18:20 . 2009-08-17 10:49 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-15 15:24 . 2009-08-17 10:49 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-15 15:24 . 2009-08-17 10:48 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 15:24 . 2009-08-17 10:49 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-06-15 15:24 . 2009-08-17 10:49 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-06-15 15:23 . 2009-08-17 10:49 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-15 15:22 . 2009-08-17 10:49 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-15 15:21 . 2009-08-17 10:49 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-15 15:20 . 2009-08-17 10:48 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 15:20 . 2009-08-17 10:48 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-06-15 12:57 . 2009-08-17 10:49 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-06-15 12:52 . 2009-08-17 10:48 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-06-10 12:12 . 2009-08-17 10:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-10 12:07 . 2009-08-17 10:48 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-04 12:34 . 2009-08-17 10:48 2066432 ----a-w- c:\windows\system32\mstscax.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-27_21.20.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-08-28 10:23 38514 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-08-28 10:24 70000 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-08-17 10:37 . 2009-08-28 11:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-08-17 10:37 . 2009-08-28 11:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-08-17 10:37 . 2009-08-27 21:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-08-17 10:37 . 2009-08-28 11:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-08-17 10:40 . 2009-08-28 10:24 6732 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4118126451-3013633870-3493635313-1000_UserData.bin
    + 2009-08-28 10:22 . 2009-08-28 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-08-28 10:22 . 2009-08-28 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-08-28 10:27 587178 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-08-27 21:15 587178 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-08-27 21:15 101250 c:\windows\System32\perfc009.dat
    + 2006-11-02 10:33 . 2009-08-28 10:27 101250 c:\windows\System32\perfc009.dat
    + 2006-11-02 12:47 . 2009-08-27 21:28 302768 c:\windows\System32\FNTCACHE.DAT
    - 2006-11-02 12:47 . 2009-08-19 09:59 302768 c:\windows\System32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 30192]
    "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{9C69EB4D-6CCC-4143-9515-6F048F75216F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B1185102-107C-4A99-A17A-E69768D55422}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{8FDBDFE5-3312-418E-9688-C61655939FFA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{9BEC27CC-BB2B-4A12-BCBF-1C5648C0EE3E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{EEFB39D2-1407-43FE-AE18-7729BA4597CD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{7E04D29C-164F-4A0E-BF0C-59279AC24487}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{27E29551-7837-4519-A8CB-13AE0984C8E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{1E9B3B60-1A7D-49E3-8CF3-E16A6AA0B5C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{546A28EE-725C-480A-B9CD-94DFE4F63B2C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2A26D1F9-108C-4465-98F2-2727A534BBF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{BDB77D71-AED9-4ECE-8743-EBC0B6E57986}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{0A78AEB5-6748-4427-B3FF-976E85A537D8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{3C246F5B-E7A9-4297-999B-3EB29458882D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/08/2009 13:05 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/08/2009 13:05 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 13:05 53328]
    R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
    R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [06/06/2009 10:20 24576]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [08/01/2009 21:47 418816]
    S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 14:24 30192]
    S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 21:47 3658752]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    FF - ProfilePath - c:\users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\9ywea6i5.default\
    FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-28 13:34
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    Completion time: 2009-08-28 13:36
    ComboFix-quarantined-files.txt 2009-08-28 11:36
    ComboFix2.txt 2009-08-28 10:20
    ComboFix3.txt 2009-08-27 21:24

    Pre-Run: 399 516 057 600 octets libres
    Post-Run: 399 488 106 496 octets libres

    316 --- E O F --- 2009-08-27 21:02
    0
  16. Utilisateur anonyme
     
    comment se comporte ton pc.?
    Post un nouveau rapport rsit.
    0
  17. Caro
     
    Ma connexion est revenue à la normale, je n'ai plus de pages de pub et aucun virus ne revient.

    Voici le LOG rsit :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Caro at 2009-08-28 14:14:51
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 381 GB (82%) free of 464 GB
    Total RAM: 2972 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:15:00, on 28/08/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Framework.NotificationCenter.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Caro\Desktop\RSIT.exe
    C:\Program Files\trend micro\Caro.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    0
  18. Caro
     
    Voici le rapport ToolsCleaner :

    [ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\GenProc: trouvé !
    C:\Qoobox: trouvé !
    C:\_OTM: trouvé !
    C:\Rsit: trouvé !
    C:\Genproc\Genproc.exe: trouvé !
    C:\Genproc\outil\hijackthis.log: trouvé !
    C:\Genproc\outil\mbr.exe: trouvé !
    C:\Genproc\Page\GenProc[*].html: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !
    C:\Qoobox\Quarantine\catchme.log: trouvé !
    C:\Users\Caro\Desktop\Rsit.exe: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Program Files\trend micro\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\Genproc\Genproc.exe: supprimé !
    C:\Genproc\outil\hijackthis.log: supprimé !
    C:\Genproc\outil\mbr.exe: supprimé !
    C:\Genproc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
    C:\Program Files\trend micro\hijackthis.log: supprimé !
    C:\Qoobox\Quarantine\catchme.log: supprimé !
    C:\Users\Caro\Desktop\Rsit.exe: supprimé !
    C:\GenProc: supprimé !
    C:\Qoobox: supprimé !
    C:\_OTM: supprimé !
    C:\Rsit: supprimé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !
    Restauration annulée !
    0
  19. Caro
     
    C'est bon j'ai fais les mises à jour, désactiver/reactiver le système.
    Il y a juste SP2 que je n'ai pas pu installer mais sinon tout marche!

    Un grand merci pour ton aide ultra précieuse et patience!
    0
Précédent
  • 1
  • 2