Virus JS:FakeAV-S [Trj]
Caro -
Hello,
Since yesterday, after I made the mistake of opening a video from a friend on Facebook, I have caught a JS:FakeAV-S [Trj] virus that slows down my Internet connection and redirects me to ad pages when I am browsing.
I am on Vista (my computer is one week old!!) and I have Avast.
So I ran a full scan, put the virus in quarantine and then deleted the infected files.
Unfortunately the virus keeps coming back!!!
Besides the Avast scan, I ran SpyBot, MalwareBytes and CCleaner, which found nothing.
I am desperate!!! Help me!!!
PS: bear in mind that overly complicated procedures scare me a bit...
Thanks in advance for all your precious advice.
38 replies
Just one last thing to check. I think you are still infected.
/!\ Attention to anyone reading this thread /!\
The following software is not to be used lightly and can cause damage if misused! Only do this if a forum helper who knows the tool well has recommended it to you.
/!\ Disable all your protection software /!\
• Download combofix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept.
• Do not touch anything during the scan.
• When the search is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
Close or disable all active antivirus, antispyware and firewall programs, and Spybot's TeaTimer, as they could interfere with the operation of this tool.
* To do so, right-click the antivirus icon at the bottom right next to the clock, then Disable Guard or Shield or Resident...
To prevent them from being reactivated after a restart, untick them in the startup options -> Msconfig
If you use Spybot
To disable TeaTimer, which is of no use and can make a disinfection fail:
First display Advanced Mode in Spybot
-> Advanced Options:
-> Mode menu, Advanced Mode.
A column of menus appears on the left-hand side:
-> click Tools,
-> click Resident,
In Resident:
-> untick Resident "TeaTimer" to disable it.
OK. So I tried, except it will not install because it shows me an error message (in English): "you cannot rename combofix as combofix[1], please use alphanumeric characters".
What should I do?
It's the infection that is blocking it. Rename combofix to ccm and run it in Safe Mode.
Restart in Safe Mode
(To do so: start the PC while tapping the F8 key until the Windows Advanced Options menu appears, then use the keyboard arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.
OK, I see how to start in Safe Mode, but I did not quite understand how to:
- rename combofix to ccm
- run combofix in Safe Mode
(sorry for my late reply; I was getting a stiff neck treated... the troubles continue!)
Thanks for your patience!
Go to the folder where your downloads are saved and find the combofix icon. Right-click on it and click Rename. Now rename it ccm.exe
Then restart in Safe Mode and click the ccm.exe icon.
Finally, post the report. See you
Here is the report:
ComboFix 09-08-27.02 - Caro 27/08/2009 23:12.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2972.1934 [GMT 2:00]
Running from: c:\users\Caro\Downloads\ccm.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1806630246-3167636288-2817179115-500
c:\$recycle.bin\S-1-5-21-4118126451-3013633870-3493635313-500
c:\program files\DDnsFilter
c:\program files\DDnsFilter\ddnsfilter.dll
c:\windows\0101120101464854.xe
c:\windows\0101120101464857.xe
c:\windows\0101120101464950.xe
c:\windows\01011201014650120.xe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SfX
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.
2009-08-27 21:18 . 2009-08-27 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-27 14:15 . 2009-08-27 14:39 -------- d-----w- c:\users\Caro\DoctorWeb
2009-08-27 13:00 . 2009-08-27 13:00 -------- d-----w- C:\Genproc
2009-08-27 12:08 . 2009-08-27 12:08 -------- d-----w- C:\_OTM
2009-08-27 11:55 . 2009-08-27 13:37 -------- d-----w- c:\program files\trend micro
2009-08-27 11:55 . 2009-08-27 11:55 -------- d-----w- C:\rsit
2009-08-27 10:46 . 2009-08-27 13:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-27 10:08 . 2009-08-27 10:11 -------- d-----w- c:\programdata\Yahoo! Companion
2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\users\Caro\AppData\Roaming\Yahoo!
2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\program files\Yahoo!
2009-08-26 21:46 . 2009-08-26 21:46 0 ----a-w- c:\windows\nsreg.dat
2009-08-26 21:46 . 2009-08-26 21:46 -------- d-----w- c:\users\Caro\AppData\Local\Mozilla
2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\users\Caro\AppData\Roaming\Malwarebytes
2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\programdata\Malwarebytes
2009-08-26 13:01 . 2009-08-26 13:09 6176 ----a-w- c:\windows\ex1234.dat
2009-08-26 12:52 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 12:42 . 2009-08-26 12:42 1 ----a-w- c:\windows\ectbbyn.dat
2009-08-26 12:41 . 2009-08-26 12:41 1 ---h--w- c:\windows\ex23567.dat
2009-08-26 09:49 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 09:49 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 13:01 . 2009-08-24 13:01 -------- d-----w- c:\program files\Canal+
2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\users\Caro\AppData\Local\Downloaded Installations
2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-19 00:14 . 2009-08-19 00:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-08-19 00:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-19 00:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-19 00:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-19 00:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-19 00:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-19 00:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-19 00:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-18 23:59 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-18 23:59 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-18 23:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-18 23:59 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-18 23:59 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-17 12:08 . 2009-08-17 12:08 -------- d-----w- c:\program files\Audacity
2009-08-17 12:08 . 2009-08-27 18:15 680 ----a-w- c:\users\Caro\AppData\Local\d3d9caps.dat
2009-08-17 12:00 . 2009-08-24 21:54 -------- d-----w- c:\users\Caro\AppData\Roaming\vlc
2009-08-17 11:59 . 2009-08-17 11:59 -------- d-----w- c:\program files\VideoLAN
2009-08-17 11:58 . 2009-08-17 11:58 -------- d-----w- c:\program files\uTorrent
2009-08-17 11:57 . 2009-08-26 16:14 -------- d-----w- c:\users\Caro\AppData\Roaming\uTorrent
2009-08-17 11:48 . 2009-08-17 11:48 1961720 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-17 11:39 . 2009-08-27 21:20 -------- d-----w- c:\users\Caro\Tracing
2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Roaming\Apple Computer
2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Local\Apple Computer
2009-08-17 11:32 . 2009-08-17 11:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-17 11:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-17 11:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\iPod
2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\program files\iTunes
2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\Bonjour
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\QuickTime
2009-08-17 11:30 . 2009-08-17 11:31 -------- d-----w- c:\programdata\Apple Computer
2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\users\Caro\AppData\Local\Apple
2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\program files\Apple Software Update
2009-08-17 11:28 . 2009-08-17 11:31 -------- d-----w- c:\program files\Common Files\Apple
2009-08-17 11:28 . 2009-08-17 11:28 -------- d-----w- c:\programdata\Apple
2009-08-17 11:05 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 11:05 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 11:05 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 11:05 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 11:05 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 11:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 11:05 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 11:05 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-08-17 11:05 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-08-17 11:05 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-08-17 11:05 . 2009-08-17 11:05 -------- d-----w- c:\program files\Alwil Software
2009-08-17 10:51 . 2009-08-17 11:52 -------- d-----w- c:\users\Caro\AppData\Local\Adobe
2009-08-17 10:48 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-08-17 10:47 . 2009-08-17 10:47 -------- d-----w- c:\users\Caro\AppData\Roaming\Nero
2009-08-17 10:45 . 2009-08-17 10:39 -------- d-----w- c:\users\Caro\AppData\Local\Google
2009-08-17 10:45 . 2009-08-17 10:58 71400 ----a-w- c:\users\Caro\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-17 10:45 . 2009-08-17 10:52 -------- d-----w- c:\users\Caro\AppData\Local\Packard Bell
2009-08-17 10:45 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-08-17 10:45 . 2009-08-17 12:00 -------- d-----w- c:\users\Caro\AppData\Local\VirtualStore
2009-08-17 10:44 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-08-17 10:44 . 2009-08-17 10:44 -------- d-----w- c:\programdata\FLEXnet
2009-08-17 10:40 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-17 10:40 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-17 10:40 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-17 10:40 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-08-17 10:38 . 2009-08-27 21:20 -------- d-----w- c:\users\Caro\AppData\Local\Temp
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage réseau
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage d'impression
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Mes documents
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Menu Démarrer
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\AppData\Local\Historique
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Favoris
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Bureau
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\program files\Fichiers communs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 21:15 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-27 21:15 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-19 00:22 . 2009-01-08 12:19 -------- d-----w- c:\program files\Microsoft Works
2009-08-19 00:20 . 2009-01-08 12:17 -------- d-----w- c:\programdata\Microsoft Help
2009-08-17 17:08 . 2009-01-08 12:38 -------- d-----w- c:\programdata\Norton
2009-08-17 10:55 . 2009-08-17 10:39 -------- d-----w- c:\program files\EasyBits For Kids
2009-08-17 10:54 . 2009-01-08 12:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 10:46 . 2009-08-17 10:46 0 ----a-w- c:\users\Caro\AppData\Roaming\wklnhst.dat
2009-08-17 10:39 . 2009-08-17 10:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-17 10:39 . 2009-08-17 10:39 8164 ----a-w- c:\windows\system32\ezdigsgn.dat
2009-08-17 10:39 . 2009-01-08 19:49 -------- d-----w- c:\program files\PACKARD BELL
2009-08-17 10:39 . 2009-08-17 10:39 91136 ----a-w- c:\windows\system32\ezUninst.exe
2009-08-17 10:39 . 2009-08-17 10:39 49152 ----a-w- c:\windows\system32\ezUPBHook.dll
2009-08-17 10:39 . 2009-08-17 10:39 268288 ----a-w- c:\windows\system32\ezSetup.exe
2009-08-17 10:39 . 2009-08-17 10:39 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
2009-08-17 10:39 . 2009-08-17 10:39 111104 ----a-w- c:\windows\system32\ezShellStart.exe
2009-08-17 10:39 . 2009-01-08 12:24 -------- d-----w- c:\program files\Google
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
2009-07-18 16:06 . 2009-08-17 10:49 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-17 10:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-17 10:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-17 10:48 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-17 10:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-17 10:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-17 10:48 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-17 10:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-06-15 18:20 . 2009-08-17 10:49 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-17 10:49 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-17 10:48 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-17 10:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-17 10:49 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-17 10:49 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-17 10:49 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-17 10:49 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 15:20 . 2009-08-17 10:48 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-17 10:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:57 . 2009-08-17 10:49 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:52 . 2009-08-17 10:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 12:12 . 2009-08-17 10:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:07 . 2009-08-17 10:48 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-06-04 12:34 . 2009-08-17 10:48 2066432 ----a-w- c:\windows\system32\mstscax.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 30192]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C69EB4D-6CCC-4143-9515-6F048F75216F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B1185102-107C-4A99-A17A-E69768D55422}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8FDBDFE5-3312-418E-9688-C61655939FFA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9BEC27CC-BB2B-4A12-BCBF-1C5648C0EE3E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EEFB39D2-1407-43FE-AE18-7729BA4597CD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7E04D29C-164F-4A0E-BF0C-59279AC24487}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{27E29551-7837-4519-A8CB-13AE0984C8E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1E9B3B60-1A7D-49E3-8CF3-E16A6AA0B5C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{546A28EE-725C-480A-B9CD-94DFE4F63B2C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A26D1F9-108C-4465-98F2-2727A534BBF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BDB77D71-AED9-4ECE-8743-EBC0B6E57986}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0A78AEB5-6748-4427-B3FF-976E85A537D8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3C246F5B-E7A9-4297-999B-3EB29458882D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/08/2009 13:05 114768]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/08/2009 13:05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 13:05 53328]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [06/06/2009 10:20 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [08/01/2009 21:47 418816]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 14:24 30192]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 21:47 3658752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner.exe
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
FF - ProfilePath - c:\users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\9ywea6i5.default\
FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 23:20
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-27 23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 21:23
Pre-Run: 401 011 159 040 octets libres
Post-Run: 400 746 401 792 octets libres
332 --- E O F --- 2009-08-27 21:02
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
" ddnsfilter"=-
* Copy the text selected above (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
Disconnect from the Internet and disable your antivirus so that ComboFix can run normally.
Drag and drop this CFScript file onto the ComboFix.exe file (on your Desktop)
like this
* A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and press Enter.
* Wait while the scan runs. The Desktop will disappear several times: this is normal.
Do not touch anything until the scan has finished.
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is finished, a report will be displayed: post its contents.
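As an added example (not part of this thread, and not ComboFix's own code), here is a small Python helper that shows where the Registry:: line above comes from: it reads the svchost block of a ComboFix log, lists the custom service-group values it finds there, and writes the CFScript stanza that deletes them. The sample log lines are copied from the report posted above; the list of group names treated as expected and the function names are assumptions of this example, not something the thread or ComboFix defines.

```python
"""Triage helper for the svchost block of a ComboFix log (added example).

It parses the '[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]'
block, reports every service group that is not in a small expected baseline,
and emits the 'Registry::' stanza of a CFScript that removes those values.
"""
import re

SVCHOST_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]"

# Assumption for this example: group names considered normal on a stock
# installation. ComboFix already hides legitimate defaults, so anything it
# prints under the key deserves a look; the baseline just avoids deleting a
# well-known group if a log ever lists one.
EXPECTED_GROUPS = {"netsvcs", "localservice", "networkservice",
                   "localsystemnetworkrestricted"}

# Constructed sample: the relevant lines copied from the log posted in the thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
ezSharedSvc
.
"""

# One value line in the block: "<group> REG_MULTI_SZ <service> [<service> ...]"
LINE_RE = re.compile(r"^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<services>.*)$")


def parse_svchost_groups(log_text):
    """Return {group_name: [service, ...]} for the svchost key block of a log."""
    groups = {}
    in_block = False
    for line in log_text.splitlines():
        if line.strip().lower() == SVCHOST_KEY.lower():
            in_block = True
            continue
        if in_block:
            m = LINE_RE.match(line.strip())
            if not m:
                break  # next key, the NetSvcs listing or the '.' separator ends the block
            groups[m.group("group")] = m.group("services").split()
    return groups


def suspicious_groups(groups):
    """Group names that are not part of the expected baseline."""
    return sorted(g for g in groups if g.lower() not in EXPECTED_GROUPS)


def build_cfscript(groups):
    """Emit the Registry:: stanza deleting each suspicious group value ("name"=-)."""
    lines = ["Registry::", SVCHOST_KEY]
    for g in suspicious_groups(groups):
        lines.append(f'"{g}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_svchost_groups(SAMPLE_LOG)
    for name, services in found.items():
        print(f"custom svchost group {name!r} hosts: {services}")
    print(build_cfscript(found))
```

On the sample above the helper finds the single custom group `ddnsfilter` (which the same log shows was backed by c:\program files\DDnsFilter\ddnsfilter.dll) and prints a stanza equivalent to the one the helper wrote by hand; the value name is taken exactly as the log prints it.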
Hello,
A quick question: do I need to run ComboFix (which is now called ccm.exe) before dragging the CFScript onto it?
Here is the report (I did not have to type "1 to continue", it was not offered to me):
ComboFix 09-08-27.02 - Caro 28/08/2009 12:13.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2972.1756 [GMT 2:00]
Running from: c:\users\Caro\Downloads\ccm.exe
Command switches used :: c:\users\Caro\Downloads\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-28 10:18 . 2009-08-28 10:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-28 10:18 . 2009-08-28 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-27 14:15 . 2009-08-27 14:39 -------- d-----w- c:\users\Caro\DoctorWeb
2009-08-27 13:00 . 2009-08-27 13:00 -------- d-----w- C:\Genproc
2009-08-27 12:08 . 2009-08-27 12:08 -------- d-----w- C:\_OTM
2009-08-27 11:55 . 2009-08-27 13:37 -------- d-----w- c:\program files\trend micro
2009-08-27 11:55 . 2009-08-27 11:55 -------- d-----w- C:\rsit
2009-08-27 10:46 . 2009-08-27 13:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-27 10:08 . 2009-08-27 10:11 -------- d-----w- c:\programdata\Yahoo! Companion
2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\users\Caro\AppData\Roaming\Yahoo!
2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\program files\Yahoo!
2009-08-26 21:46 . 2009-08-26 21:46 0 ----a-w- c:\windows\nsreg.dat
2009-08-26 21:46 . 2009-08-26 21:46 -------- d-----w- c:\users\Caro\AppData\Local\Mozilla
2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\users\Caro\AppData\Roaming\Malwarebytes
2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\programdata\Malwarebytes
2009-08-26 13:01 . 2009-08-26 13:09 6176 ----a-w- c:\windows\ex1234.dat
2009-08-26 12:52 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 12:42 . 2009-08-26 12:42 1 ----a-w- c:\windows\ectbbyn.dat
2009-08-26 12:41 . 2009-08-26 12:41 1 ---h--w- c:\windows\ex23567.dat
2009-08-26 09:49 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 09:49 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 13:01 . 2009-08-24 13:01 -------- d-----w- c:\program files\Canal+
2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\users\Caro\AppData\Local\Downloaded Installations
2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-19 00:14 . 2009-08-19 00:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-08-19 00:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-19 00:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-19 00:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-19 00:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-19 00:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-19 00:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-19 00:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-18 23:59 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-18 23:59 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-18 23:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-18 23:59 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-18 23:59 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-17 12:08 . 2009-08-17 12:08 -------- d-----w- c:\program files\Audacity
2009-08-17 12:08 . 2009-08-27 18:15 680 ----a-w- c:\users\Caro\AppData\Local\d3d9caps.dat
2009-08-17 12:00 . 2009-08-24 21:54 -------- d-----w- c:\users\Caro\AppData\Roaming\vlc
2009-08-17 11:59 . 2009-08-17 11:59 -------- d-----w- c:\program files\VideoLAN
2009-08-17 11:58 . 2009-08-17 11:58 -------- d-----w- c:\program files\uTorrent
2009-08-17 11:57 . 2009-08-26 16:14 -------- d-----w- c:\users\Caro\AppData\Roaming\uTorrent
2009-08-17 11:48 . 2009-08-17 11:48 1961720 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-17 11:39 . 2009-08-28 09:08 -------- d-----w- c:\users\Caro\Tracing
2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Roaming\Apple Computer
2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Local\Apple Computer
2009-08-17 11:32 . 2009-08-17 11:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-17 11:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-17 11:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\iPod
2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\program files\iTunes
2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\Bonjour
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\QuickTime
2009-08-17 11:30 . 2009-08-17 11:31 -------- d-----w- c:\programdata\Apple Computer
2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\users\Caro\AppData\Local\Apple
2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\program files\Apple Software Update
2009-08-17 11:28 . 2009-08-17 11:31 -------- d-----w- c:\program files\Common Files\Apple
2009-08-17 11:28 . 2009-08-17 11:28 -------- d-----w- c:\programdata\Apple
2009-08-17 11:05 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 11:05 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 11:05 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 11:05 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 11:05 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 11:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 11:05 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 11:05 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-08-17 11:05 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-08-17 11:05 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-08-17 11:05 . 2009-08-17 11:05 -------- d-----w- c:\program files\Alwil Software
2009-08-17 10:51 . 2009-08-17 11:52 -------- d-----w- c:\users\Caro\AppData\Local\Adobe
2009-08-17 10:48 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-08-17 10:47 . 2009-08-17 10:47 -------- d-----w- c:\users\Caro\AppData\Roaming\Nero
2009-08-17 10:45 . 2009-08-17 10:39 -------- d-----w- c:\users\Caro\AppData\Local\Google
2009-08-17 10:45 . 2009-08-17 10:58 71400 ----a-w- c:\users\Caro\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-17 10:45 . 2009-08-17 10:52 -------- d-----w- c:\users\Caro\AppData\Local\Packard Bell
2009-08-17 10:45 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-08-17 10:45 . 2009-08-17 12:00 -------- d-----w- c:\users\Caro\AppData\Local\VirtualStore
2009-08-17 10:44 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-08-17 10:44 . 2009-08-17 10:44 -------- d-----w- c:\programdata\FLEXnet
2009-08-17 10:40 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-17 10:40 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-17 10:40 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-17 10:40 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-08-17 10:38 . 2009-08-28 10:19 -------- d-----w- c:\users\Caro\AppData\Local\Temp
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage réseau
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage d'impression
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Mes documents
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Menu Démarrer
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\AppData\Local\Historique
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Favoris
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Bureau
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\program files\Fichiers communs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 09:14 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-28 09:14 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-19 00:22 . 2009-01-08 12:19 -------- d-----w- c:\program files\Microsoft Works
2009-08-19 00:20 . 2009-01-08 12:17 -------- d-----w- c:\programdata\Microsoft Help
2009-08-17 17:08 . 2009-01-08 12:38 -------- d-----w- c:\programdata\Norton
2009-08-17 10:55 . 2009-08-17 10:39 -------- d-----w- c:\program files\EasyBits For Kids
2009-08-17 10:54 . 2009-01-08 12:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 10:46 . 2009-08-17 10:46 0 ----a-w- c:\users\Caro\AppData\Roaming\wklnhst.dat
2009-08-17 10:39 . 2009-08-17 10:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-17 10:39 . 2009-08-17 10:39 8164 ----a-w- c:\windows\system32\ezdigsgn.dat
2009-08-17 10:39 . 2009-01-08 19:49 -------- d-----w- c:\program files\PACKARD BELL
2009-08-17 10:39 . 2009-08-17 10:39 91136 ----a-w- c:\windows\system32\ezUninst.exe
2009-08-17 10:39 . 2009-08-17 10:39 49152 ----a-w- c:\windows\system32\ezUPBHook.dll
2009-08-17 10:39 . 2009-08-17 10:39 268288 ----a-w- c:\windows\system32\ezSetup.exe
2009-08-17 10:39 . 2009-08-17 10:39 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
2009-08-17 10:39 . 2009-08-17 10:39 111104 ----a-w- c:\windows\system32\ezShellStart.exe
2009-08-17 10:39 . 2009-01-08 12:24 -------- d-----w- c:\program files\Google
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
2009-07-18 16:06 . 2009-08-17 10:49 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-17 10:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-17 10:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-17 10:48 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-17 10:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-17 10:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-17 10:48 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-17 10:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-06-15 18:20 . 2009-08-17 10:49 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-17 10:49 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-17 10:48 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-17 10:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-17 10:49 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-17 10:49 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-17 10:49 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-17 10:49 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 15:20 . 2009-08-17 10:48 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-17 10:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:57 . 2009-08-17 10:49 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:52 . 2009-08-17 10:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 12:12 . 2009-08-17 10:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:07 . 2009-08-17 10:48 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-06-04 12:34 . 2009-08-17 10:48 2066432 ----a-w- c:\windows\system32\mstscax.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-27_21.20.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-08-28 09:09 38506 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-28 09:09 69904 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-17 10:37 . 2009-08-28 10:12 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-17 10:37 . 2009-08-28 10:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-17 10:37 . 2009-08-28 10:12 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 10:40 . 2009-08-28 09:09 6716 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4118126451-3013633870-3493635313-1000_UserData.bin
+ 2009-08-28 09:07 . 2009-08-28 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-28 09:07 . 2009-08-28 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-08-28 09:14 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-27 21:15 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-27 21:15 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-28 09:14 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:47 . 2009-08-27 21:28 302768 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-08-19 09:59 302768 c:\windows\System32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 30192]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C69EB4D-6CCC-4143-9515-6F048F75216F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B1185102-107C-4A99-A17A-E69768D55422}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8FDBDFE5-3312-418E-9688-C61655939FFA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9BEC27CC-BB2B-4A12-BCBF-1C5648C0EE3E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EEFB39D2-1407-43FE-AE18-7729BA4597CD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7E04D29C-164F-4A0E-BF0C-59279AC24487}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{27E29551-7837-4519-A8CB-13AE0984C8E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1E9B3B60-1A7D-49E3-8CF3-E16A6AA0B5C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{546A28EE-725C-480A-B9CD-94DFE4F63B2C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A26D1F9-108C-4465-98F2-2727A534BBF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BDB77D71-AED9-4ECE-8743-EBC0B6E57986}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0A78AEB5-6748-4427-B3FF-976E85A537D8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3C246F5B-E7A9-4297-999B-3EB29458882D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/08/2009 13:05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/08/2009 13:05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 13:05 53328]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [06/06/2009 10:20 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [08/01/2009 21:47 418816]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 14:24 30192]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 21:47 3658752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
FF - ProfilePath - c:\users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\9ywea6i5.default\
FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 12:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-28 12:20
ComboFix-quarantined-files.txt 2009-08-28 10:20
ComboFix2.txt 2009-08-27 21:24
Pre-Run: 399 623 925 760 octets libres
Post-Run: 399 592 411 136 octets libres
318 --- E O F --- 2009-08-27 21:02
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage réseau
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage d'impression
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Mes documents
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Menu Démarrer
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\AppData\Local\Historique
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Favoris
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Bureau
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\program files\Fichiers communs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 09:14 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-28 09:14 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-19 00:22 . 2009-01-08 12:19 -------- d-----w- c:\program files\Microsoft Works
2009-08-19 00:20 . 2009-01-08 12:17 -------- d-----w- c:\programdata\Microsoft Help
2009-08-17 17:08 . 2009-01-08 12:38 -------- d-----w- c:\programdata\Norton
2009-08-17 10:55 . 2009-08-17 10:39 -------- d-----w- c:\program files\EasyBits For Kids
2009-08-17 10:54 . 2009-01-08 12:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 10:46 . 2009-08-17 10:46 0 ----a-w- c:\users\Caro\AppData\Roaming\wklnhst.dat
2009-08-17 10:39 . 2009-08-17 10:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-17 10:39 . 2009-08-17 10:39 8164 ----a-w- c:\windows\system32\ezdigsgn.dat
2009-08-17 10:39 . 2009-01-08 19:49 -------- d-----w- c:\program files\PACKARD BELL
2009-08-17 10:39 . 2009-08-17 10:39 91136 ----a-w- c:\windows\system32\ezUninst.exe
2009-08-17 10:39 . 2009-08-17 10:39 49152 ----a-w- c:\windows\system32\ezUPBHook.dll
2009-08-17 10:39 . 2009-08-17 10:39 268288 ----a-w- c:\windows\system32\ezSetup.exe
2009-08-17 10:39 . 2009-08-17 10:39 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
2009-08-17 10:39 . 2009-08-17 10:39 111104 ----a-w- c:\windows\system32\ezShellStart.exe
2009-08-17 10:39 . 2009-01-08 12:24 -------- d-----w- c:\program files\Google
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
2009-07-18 16:06 . 2009-08-17 10:49 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-17 10:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-17 10:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-17 10:48 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-17 10:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-17 10:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-17 10:48 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-17 10:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-06-15 18:20 . 2009-08-17 10:49 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-17 10:49 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-17 10:48 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-17 10:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-17 10:49 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-17 10:49 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-17 10:49 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-17 10:49 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 15:20 . 2009-08-17 10:48 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-17 10:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:57 . 2009-08-17 10:49 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:52 . 2009-08-17 10:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 12:12 . 2009-08-17 10:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:07 . 2009-08-17 10:48 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-06-04 12:34 . 2009-08-17 10:48 2066432 ----a-w- c:\windows\system32\mstscax.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-27_21.20.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-08-28 09:09 38506 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-28 09:09 69904 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-17 10:37 . 2009-08-28 10:12 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-17 10:37 . 2009-08-28 10:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-17 10:37 . 2009-08-28 10:12 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 10:40 . 2009-08-28 09:09 6716 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4118126451-3013633870-3493635313-1000_UserData.bin
+ 2009-08-28 09:07 . 2009-08-28 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-28 09:07 . 2009-08-28 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-08-28 09:14 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-27 21:15 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-27 21:15 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-28 09:14 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:47 . 2009-08-27 21:28 302768 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-08-19 09:59 302768 c:\windows\System32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 30192]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C69EB4D-6CCC-4143-9515-6F048F75216F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B1185102-107C-4A99-A17A-E69768D55422}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8FDBDFE5-3312-418E-9688-C61655939FFA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9BEC27CC-BB2B-4A12-BCBF-1C5648C0EE3E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EEFB39D2-1407-43FE-AE18-7729BA4597CD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7E04D29C-164F-4A0E-BF0C-59279AC24487}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{27E29551-7837-4519-A8CB-13AE0984C8E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1E9B3B60-1A7D-49E3-8CF3-E16A6AA0B5C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{546A28EE-725C-480A-B9CD-94DFE4F63B2C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A26D1F9-108C-4465-98F2-2727A534BBF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BDB77D71-AED9-4ECE-8743-EBC0B6E57986}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0A78AEB5-6748-4427-B3FF-976E85A537D8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3C246F5B-E7A9-4297-999B-3EB29458882D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/08/2009 13:05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/08/2009 13:05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 13:05 53328]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [06/06/2009 10:20 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [08/01/2009 21:47 418816]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 14:24 30192]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 21:47 3658752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
FF - ProfilePath - c:\users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\9ywea6i5.default\
FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 12:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-28 12:20
ComboFix-quarantined-files.txt 2009-08-28 10:20
ComboFix2.txt 2009-08-27 21:24
Pre-Run: 399 623 925 760 octets libres
Post-Run: 399 592 411 136 octets libres
318 --- E O F --- 2009-08-27 21:02
Run ComboFix again, but this time with this new script.
Driver::
ddnsfilter
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"ddnsfilter"=-
Here is the report:
ComboFix 09-08-27.02 - Caro 28/08/2009 13:29.3.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2972.1901 [GMT 2:00]
Running from: c:\users\Caro\Downloads\ccm.exe
Command switches used :: c:\users\Caro\Downloads\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-28 11:34 . 2009-08-28 11:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-28 11:34 . 2009-08-28 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-27 14:15 . 2009-08-27 14:39 -------- d-----w- c:\users\Caro\DoctorWeb
2009-08-27 13:00 . 2009-08-27 13:00 -------- d-----w- C:\Genproc
2009-08-27 12:08 . 2009-08-27 12:08 -------- d-----w- C:\_OTM
2009-08-27 11:55 . 2009-08-27 13:37 -------- d-----w- c:\program files\trend micro
2009-08-27 11:55 . 2009-08-27 11:55 -------- d-----w- C:\rsit
2009-08-27 10:46 . 2009-08-27 13:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-27 10:08 . 2009-08-27 10:11 -------- d-----w- c:\programdata\Yahoo! Companion
2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\users\Caro\AppData\Roaming\Yahoo!
2009-08-27 10:08 . 2009-08-27 10:08 -------- d-----w- c:\program files\Yahoo!
2009-08-26 21:46 . 2009-08-26 21:46 0 ----a-w- c:\windows\nsreg.dat
2009-08-26 21:46 . 2009-08-26 21:46 -------- d-----w- c:\users\Caro\AppData\Local\Mozilla
2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\users\Caro\AppData\Roaming\Malwarebytes
2009-08-26 15:27 . 2009-08-26 15:27 -------- d-----w- c:\programdata\Malwarebytes
2009-08-26 13:01 . 2009-08-26 13:09 6176 ----a-w- c:\windows\ex1234.dat
2009-08-26 12:52 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 12:42 . 2009-08-26 12:42 1 ----a-w- c:\windows\ectbbyn.dat
2009-08-26 12:41 . 2009-08-26 12:41 1 ---h--w- c:\windows\ex23567.dat
2009-08-26 09:49 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 09:49 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 13:01 . 2009-08-24 13:01 -------- d-----w- c:\program files\Canal+
2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\users\Caro\AppData\Local\Downloaded Installations
2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 12:59 . 2009-08-24 12:59 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-24 12:59 . 2009-08-24 12:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-19 00:14 . 2009-08-19 00:14 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-08-19 00:04 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-19 00:04 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-19 00:04 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-19 00:04 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-19 00:04 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-19 00:04 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-19 00:04 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-18 23:59 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-18 23:59 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-18 23:59 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-18 23:59 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-18 23:59 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-17 12:08 . 2009-08-17 12:08 -------- d-----w- c:\program files\Audacity
2009-08-17 12:08 . 2009-08-27 18:15 680 ----a-w- c:\users\Caro\AppData\Local\d3d9caps.dat
2009-08-17 12:00 . 2009-08-24 21:54 -------- d-----w- c:\users\Caro\AppData\Roaming\vlc
2009-08-17 11:59 . 2009-08-17 11:59 -------- d-----w- c:\program files\VideoLAN
2009-08-17 11:58 . 2009-08-17 11:58 -------- d-----w- c:\program files\uTorrent
2009-08-17 11:57 . 2009-08-26 16:14 -------- d-----w- c:\users\Caro\AppData\Roaming\uTorrent
2009-08-17 11:48 . 2009-08-17 11:48 1961720 ----a-w- c:\users\Caro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-17 11:39 . 2009-08-28 10:22 -------- d-----w- c:\users\Caro\Tracing
2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Roaming\Apple Computer
2009-08-17 11:33 . 2009-08-17 11:33 -------- d-----w- c:\users\Caro\AppData\Local\Apple Computer
2009-08-17 11:32 . 2009-08-17 11:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-17 11:32 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-17 11:32 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\iPod
2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-17 11:31 . 2009-08-17 11:32 -------- d-----w- c:\program files\iTunes
2009-08-17 11:31 . 2009-08-17 11:31 -------- d-----w- c:\program files\Bonjour
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\QuickTime
2009-08-17 11:30 . 2009-08-17 11:31 -------- d-----w- c:\programdata\Apple Computer
2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\users\Caro\AppData\Local\Apple
2009-08-17 11:29 . 2009-08-17 11:29 -------- d-----w- c:\program files\Apple Software Update
2009-08-17 11:28 . 2009-08-17 11:31 -------- d-----w- c:\program files\Common Files\Apple
2009-08-17 11:28 . 2009-08-17 11:28 -------- d-----w- c:\programdata\Apple
2009-08-17 11:05 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 11:05 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 11:05 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 11:05 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 11:05 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 11:05 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 11:05 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 11:05 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-08-17 11:05 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-08-17 11:05 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-08-17 11:05 . 2009-08-17 11:05 -------- d-----w- c:\program files\Alwil Software
2009-08-17 10:51 . 2009-08-17 11:52 -------- d-----w- c:\users\Caro\AppData\Local\Adobe
2009-08-17 10:48 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-08-17 10:47 . 2009-08-17 10:47 -------- d-----w- c:\users\Caro\AppData\Roaming\Nero
2009-08-17 10:45 . 2009-08-17 10:39 -------- d-----w- c:\users\Caro\AppData\Local\Google
2009-08-17 10:45 . 2009-08-17 10:58 71400 ----a-w- c:\users\Caro\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-17 10:45 . 2009-08-17 10:52 -------- d-----w- c:\users\Caro\AppData\Local\Packard Bell
2009-08-17 10:45 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-08-17 10:45 . 2009-08-17 12:00 -------- d-----w- c:\users\Caro\AppData\Local\VirtualStore
2009-08-17 10:44 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-08-17 10:44 . 2009-08-17 10:44 -------- d-----w- c:\programdata\FLEXnet
2009-08-17 10:40 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-17 10:40 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-17 10:40 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-17 10:40 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage réseau
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Voisinage d'impression
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Mes documents
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\Menu Démarrer
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\users\Default\AppData\Local\Historique
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Favoris
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Bureau
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\program files\Fichiers communs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 10:27 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-28 10:27 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-19 00:22 . 2009-01-08 12:19 -------- d-----w- c:\program files\Microsoft Works
2009-08-19 00:20 . 2009-01-08 12:17 -------- d-----w- c:\programdata\Microsoft Help
2009-08-17 17:08 . 2009-01-08 12:38 -------- d-----w- c:\programdata\Norton
2009-08-17 10:55 . 2009-08-17 10:39 -------- d-----w- c:\program files\EasyBits For Kids
2009-08-17 10:54 . 2009-01-08 12:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 10:46 . 2009-08-17 10:46 0 ----a-w- c:\users\Caro\AppData\Roaming\wklnhst.dat
2009-08-17 10:39 . 2009-08-17 10:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-17 10:39 . 2009-08-17 10:39 8164 ----a-w- c:\windows\system32\ezdigsgn.dat
2009-08-17 10:39 . 2009-01-08 19:49 -------- d-----w- c:\program files\PACKARD BELL
2009-08-17 10:39 . 2009-08-17 10:39 91136 ----a-w- c:\windows\system32\ezUninst.exe
2009-08-17 10:39 . 2009-08-17 10:39 49152 ----a-w- c:\windows\system32\ezUPBHook.dll
2009-08-17 10:39 . 2009-08-17 10:39 268288 ----a-w- c:\windows\system32\ezSetup.exe
2009-08-17 10:39 . 2009-08-17 10:39 15872 ----a-w- c:\windows\system32\ezMAPIHelper.exe
2009-08-17 10:39 . 2009-08-17 10:39 111104 ----a-w- c:\windows\system32\ezShellStart.exe
2009-08-17 10:39 . 2009-01-08 12:24 -------- d-----w- c:\program files\Google
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Modèles
2009-08-17 10:35 . 2009-08-17 10:35 -------- d-sh--we c:\programdata\Menu Démarrer
2009-07-18 16:06 . 2009-08-17 10:49 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-17 10:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-17 10:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-17 10:48 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-17 10:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-17 10:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-17 10:48 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-17 10:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-13 12:22 . 2009-07-13 12:22 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-06-15 18:20 . 2009-08-17 10:49 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:24 . 2009-08-17 10:49 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:24 . 2009-08-17 10:48 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-17 10:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:24 . 2009-08-17 10:49 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:23 . 2009-08-17 10:49 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:22 . 2009-08-17 10:49 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:21 . 2009-08-17 10:49 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 15:20 . 2009-08-17 10:48 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-17 10:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:57 . 2009-08-17 10:49 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-15 12:52 . 2009-08-17 10:48 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 12:12 . 2009-08-17 10:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:07 . 2009-08-17 10:48 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-06-04 12:34 . 2009-08-17 10:48 2066432 ----a-w- c:\windows\system32\mstscax.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-27_21.20.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-08-28 10:23 38514 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-28 10:24 70000 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-17 10:37 . 2009-08-28 11:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-17 10:37 . 2009-08-28 11:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-17 10:37 . 2009-08-28 11:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-17 10:37 . 2009-08-27 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-17 10:40 . 2009-08-28 10:24 6732 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4118126451-3013633870-3493635313-1000_UserData.bin
+ 2009-08-28 10:22 . 2009-08-28 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-28 10:22 . 2009-08-28 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-08-28 10:27 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-27 21:15 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-27 21:15 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-28 10:27 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:47 . 2009-08-27 21:28 302768 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-08-19 09:59 302768 c:\windows\System32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 30192]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-04 6265376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C69EB4D-6CCC-4143-9515-6F048F75216F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B1185102-107C-4A99-A17A-E69768D55422}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8FDBDFE5-3312-418E-9688-C61655939FFA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9BEC27CC-BB2B-4A12-BCBF-1C5648C0EE3E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EEFB39D2-1407-43FE-AE18-7729BA4597CD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7E04D29C-164F-4A0E-BF0C-59279AC24487}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{27E29551-7837-4519-A8CB-13AE0984C8E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1E9B3B60-1A7D-49E3-8CF3-E16A6AA0B5C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{546A28EE-725C-480A-B9CD-94DFE4F63B2C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A26D1F9-108C-4465-98F2-2727A534BBF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BDB77D71-AED9-4ECE-8743-EBC0B6E57986}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0A78AEB5-6748-4427-B3FF-976E85A537D8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3C246F5B-E7A9-4297-999B-3EB29458882D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/08/2009 13:05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/08/2009 13:05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 13:05 53328]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [06/06/2009 10:20 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [08/01/2009 21:47 418816]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 14:24 30192]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 21:47 3658752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
FF - ProfilePath - c:\users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\9ywea6i5.default\
FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 13:34
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-28 13:36
ComboFix-quarantined-files.txt 2009-08-28 11:36
ComboFix2.txt 2009-08-28 10:20
ComboFix3.txt 2009-08-27 21:24
Pre-Run: 399 516 057 600 octets libres
Post-Run: 399 488 106 496 octets libres
316 --- E O F --- 2009-08-27 21:02
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C69EB4D-6CCC-4143-9515-6F048F75216F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B1185102-107C-4A99-A17A-E69768D55422}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8FDBDFE5-3312-418E-9688-C61655939FFA}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{9BEC27CC-BB2B-4A12-BCBF-1C5648C0EE3E}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{EEFB39D2-1407-43FE-AE18-7729BA4597CD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{7E04D29C-164F-4A0E-BF0C-59279AC24487}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{27E29551-7837-4519-A8CB-13AE0984C8E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1E9B3B60-1A7D-49E3-8CF3-E16A6AA0B5C8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{546A28EE-725C-480A-B9CD-94DFE4F63B2C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2A26D1F9-108C-4465-98F2-2727A534BBF6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BDB77D71-AED9-4ECE-8743-EBC0B6E57986}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0A78AEB5-6748-4427-B3FF-976E85A537D8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3C246F5B-E7A9-4297-999B-3EB29458882D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/08/2009 13:05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/08/2009 13:05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 13:05 53328]
R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [06/06/2009 10:20 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [08/01/2009 21:47 418816]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 14:24 30192]
S3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [08/01/2009 21:47 3658752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
FF - ProfilePath - c:\users\Caro\AppData\Roaming\Mozilla\Firefox\Profiles\9ywea6i5.default\
FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 13:34
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-28 13:36
ComboFix-quarantined-files.txt 2009-08-28 11:36
ComboFix2.txt 2009-08-28 10:20
ComboFix3.txt 2009-08-27 21:24
Pre-Run: 399 516 057 600 octets libres
Post-Run: 399 488 106 496 octets libres
316 --- E O F --- 2009-08-27 21:02
My connection is back to normal, I no longer get ad pages, and no virus comes back.
Here is the RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Caro at 2009-08-28 14:14:51
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 381 GB (82%) free of 464 GB
Total RAM: 2972 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:00, on 28/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Caro\Desktop\RSIT.exe
C:\Program Files\trend micro\Caro.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vp32&d=0609&m=easynote_mh36
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
Here is the ToolsCleaner report:
[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Genproc\Genproc.exe: trouvé !
C:\Genproc\outil\hijackthis.log: trouvé !
C:\Genproc\outil\mbr.exe: trouvé !
C:\Genproc\Page\GenProc[*].html: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\Caro\Desktop\Rsit.exe: trouvé !
---------------------------------
--> Suppression:
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Genproc\Genproc.exe: supprimé !
C:\Genproc\outil\hijackthis.log: supprimé !
C:\Genproc\outil\mbr.exe: supprimé !
C:\Genproc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Users\Caro\Desktop\Rsit.exe: supprimé !
C:\GenProc: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
Corbeille vidée!
Fichiers temporaires nettoyés !
Restauration annulée !