No more access to antivirus sites
Solved/Closed
31 replies
Anonymous user
8 Sept. 2009 at 00:35
Hello,
Copy the text below:
Driver::
gaailca
NetSvc::
gaailca
File::
c:\windows\system32\hsyos.dll
Folder::
c:\program files\Winamp Toolbar
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
c:\documents and settings\All Users\Application Data\Winamp Toolbar
Registry::
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt
Now drag the CFScript.txt file onto Combofix.exe like this:
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report.
If there is no restart, post the report anyway.
Narco!4
7 Sept. 2009 at 22:32
Hello,
download GenProc http://www.genproc.com/GenProc.exe
double-click GenProc.exe and post the contents of the report that opens
Narco!4
7 Sept. 2009 at 22:58
no
OK, here is the report.
Rapport GenProc 2.623 [2] - 07/09/2009 à 23:13:24
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.5.2) [Navigateur par défaut]
~~ CM DISK ERROR ~~
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:34, on 07/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Nino Cioli_GenProc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Narco!4
7 Sept. 2009 at 23:22
- Download ComboFix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
- Double-click combofix.exe and follow the instructions.
- Install the Recovery Console if prompted, then continue.
- When the scan is complete, a report will appear. Copy and paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
OK, it's done. Here is the result.
ComboFix 09-09-06.06 - Nino Cioli 07/09/2009 23:30.3.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.586 [GMT 2:00]
Running from: c:\documents and settings\Nino Cioli\Bureau\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.
2009-09-07 20:58 . 2009-09-07 21:13 -------- d-----w- C:\GenProc
2009-09-04 15:51 . 2009-09-04 15:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Malwarebytes
2009-09-04 15:50 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 15:50 . 2009-09-04 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 15:50 . 2009-09-04 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-04 15:50 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:01 . 2009-09-07 14:55 -------- d-----w- C:\FindyKill
2009-09-03 22:55 . 2009-09-03 22:57 -------- d-----w- c:\windows\avxoscan
2009-09-03 22:51 . 2009-09-03 22:51 -------- d-----w- c:\windows\BDOSCAN8
2009-09-03 22:49 . 2009-09-03 22:49 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Winamp Toolbar
2009-09-03 11:59 . 2009-09-04 10:14 -------- d-----w- c:\program files\C4U
2009-09-03 11:59 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
2009-09-03 11:59 . 2009-09-03 11:59 -------- d-----w- c:\documents and settings\Nino Cioli\WINDOWS
2009-08-31 16:44 . 2009-08-31 16:44 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\dvdcss
2009-08-31 16:44 . 2009-09-01 14:12 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\vlc
2009-08-31 16:43 . 2009-08-31 16:43 -------- d-----w- c:\program files\VideoLAN
2009-08-21 08:43 . 2009-08-21 08:43 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 21:13 . 2009-05-12 21:31 76482 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-07 21:13 . 2009-05-12 21:31 468608 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-07 13:28 . 2009-09-07 13:23 -------- d-----w- c:\program files\SpywareGuard
2009-09-04 15:56 . 2009-09-04 15:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-08-31 16:28 . 2009-07-28 21:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Winamp
2009-08-27 09:46 . 2009-05-12 20:49 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-07 13:13 . 2009-08-07 13:01 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Apple Computer
2009-08-07 13:03 . 2009-08-07 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iTunes
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iPod
2009-08-07 13:00 . 2009-08-07 12:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\Bonjour
2009-08-07 13:00 . 2009-08-07 12:59 -------- d-----w- c:\program files\QuickTime
2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\program files\Apple Software Update
2009-07-31 19:15 . 2009-07-31 19:15 -------- d-----w- c:\program files\MSXML 4.0
2009-07-31 17:26 . 2009-07-31 17:25 -------- d-----w- c:\program files\ZC2.10
2009-07-29 10:41 . 2009-07-28 13:57 -------- d-----w- c:\program files\lg_fwupdate
2009-07-28 21:53 . 2009-07-28 21:51 -------- d-----w- c:\program files\Winamp
2009-07-28 21:52 . 2009-07-28 21:52 -------- d-----w- c:\program files\Winamp Toolbar
2009-07-28 21:52 . 2009-07-28 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2009-07-28 14:01 . 2009-05-12 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 14:00 . 2009-07-28 13:45 -------- d-----w- c:\program files\CyberLink
2009-07-28 13:59 . 2009-07-28 13:54 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\program files\Nero
2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-28 13:48 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-28 13:46 . 2009-07-28 13:46 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\CyberLink
2009-07-28 13:44 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-27 14:19 . 2009-07-27 14:19 0 ----a-w- c:\windows\nsreg.dat
2009-07-09 10:16 . 2009-08-07 12:59 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-08-07 12:59 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-29 15:57 . 2009-05-12 21:31 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2009-05-12 21:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2009-05-12 21:31 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2009-05-12 21:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2009-05-12 21:31 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-03-21 14:07 . 2009-05-12 21:31 170505 --sha-r- c:\windows\system32\hsyos.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-04_15.42.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 21:31 . 2009-09-07 21:13 62934 c:\windows\system32\perfc009.dat
- 2009-05-12 21:31 . 2009-09-04 15:35 62934 c:\windows\system32\perfc009.dat
+ 2009-09-04 16:31 . 2009-09-04 16:31 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-09-07 14:30 . 2009-09-07 14:30 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2009-05-12 21:31 . 2009-09-04 15:35 401272 c:\windows\system32\perfh009.dat
+ 2009-05-12 21:31 . 2009-09-07 21:13 401272 c:\windows\system32\perfh009.dat
+ 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-09-04 16:31 . 2009-09-04 16:31 1232896 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-09-07 14:30 . 2009-09-07 14:30 1232896 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 15:39 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2009-03-10 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-04-07 210216]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-27 17881088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nino Cioli\Menu Démarrer\Programmes\Démarrage\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-12 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2432:TCP"= 2432:TCP:yxavcvq
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/05/2009 22:58 55152]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [28/02/2008 17:39 53032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [12/05/2009 22:08 10752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 03:59 38912]
S2 gaailca;Driver Support;c:\windows\system32\svchost.exe -k netsvcs [12/05/2009 23:31 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/05/2009 22:04 1684736]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/05/2009 22:06 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/05/2009 23:14 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28/04/2009 07:47 39040]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gaailca
.
Contents of the 'Scheduled Tasks' folder
2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Nino Cioli\Application Data\Mozilla\Firefox\Profiles\l3r2ppwg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 23:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaailca]
"ServiceDll"="c:\windows\system32\hsyos.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-09-07 23:37
ComboFix-quarantined-files.txt 2009-09-07 21:37
ComboFix2.txt 2009-09-07 14:24
ComboFix3.txt 2009-09-04 15:44
Pre-Run: 67 020 992 512 octets libres
Post-Run: 66 991 054 848 octets libres
198 --- E O F --- 2009-07-31 19:16
Narco!4
7 Sept. 2009 at 23:55
Which forum are you coming from?
Narco!4
8 Sept. 2009 at 00:03
There's no hope left, is that it?
Not with me, no.
BESOIN-D-AIDE-ME-VOILA
8 Sept. 2009 at 00:08
So, did you catch the virus after downloading a keygen? If so, all you can do is format. It already happened to me; the upshot: after formatting, my motherboard burned out. Coincidence or not, I was punished by the law of peer-to-peer, so now I buy. That's a pain in the a..., but at least no more viruses.
I'm not going to play the innocent lamb. Clearly, not everything I picked up was Microsoft-certified...
OK, so it's not right, and I'm ready to walk barefoot over hot coals, but there must be a suitable solution other than purifying my soul...
Please, help me. I remind you that I'm holding old ladies hostage!
BESOIN-D-AIDE-ME-VOILA
8 Sept. 2009 at 00:27
If it comes to that, make a copy of your important files and format. Personally, I tested at least 40 antivirus programs, no exaggeration. The virus is Beagle, I think; look it up on Google. At least after formatting you'll have peace of mind and start over on a sound footing. Good luck in your fight against the little b.. who put viruses everywhere.
Here is the report.
ComboFix 09-09-06.06 - Nino Cioli 08/09/2009 0:56.4.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.635 [GMT 2:00]
Running from: c:\documents and settings\Nino Cioli\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Nino Cioli\Bureau\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\hsyos.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DIFxInstallLog.txt
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\gearaspiwdmx86.cat
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
c:\documents and settings\All Users\Application Data\Winamp Toolbar
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alert.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.css
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\alerts\alerts.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\defaultButtons.xml
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\buttons\searchedit.bmp
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\arrow_left.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\arrow_left_on.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\arrow_right.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\arrow_right_on.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_buy.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_buy_on.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_enqall_off.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_enqall_on.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_info.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_info_on.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_play.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_play_on.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_playall_off.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_playall_on.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_playlist.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\images\qap_playlist_on.jpg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\mediamonitor.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\mediamonitor\mediamonitor.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\menu.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\menu.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\qap.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\rss.css
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\rss.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\rss.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\staf.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\rss\staf.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\about.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\addcustombutton.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\addcustombutton_confirm.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\addsearch.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\ani_media_icon.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blocker.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_down_1.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_down_2.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\blue_input_normal_1.gif
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
c:\windows\system32\hsyos.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GAAILCA
-------\Service_gaailca
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.
2009-09-07 20:58 . 2009-09-07 21:13 -------- d-----w- C:\GenProc
2009-09-04 15:51 . 2009-09-04 15:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Malwarebytes
2009-09-04 15:50 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 15:50 . 2009-09-04 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 15:50 . 2009-09-04 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-04 15:50 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:01 . 2009-09-07 14:55 -------- d-----w- C:\FindyKill
2009-09-03 22:55 . 2009-09-03 22:57 -------- d-----w- c:\windows\avxoscan
2009-09-03 22:51 . 2009-09-03 22:51 -------- d-----w- c:\windows\BDOSCAN8
2009-09-03 22:49 . 2009-09-03 22:49 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Winamp Toolbar
2009-09-03 11:59 . 2009-09-04 10:14 -------- d-----w- c:\program files\C4U
2009-09-03 11:59 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
2009-09-03 11:59 . 2009-09-03 11:59 -------- d-----w- c:\documents and settings\Nino Cioli\WINDOWS
2009-08-31 16:44 . 2009-08-31 16:44 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\dvdcss
2009-08-31 16:44 . 2009-09-01 14:12 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\vlc
2009-08-31 16:43 . 2009-08-31 16:43 -------- d-----w- c:\program files\VideoLAN
2009-08-21 08:43 . 2009-08-21 08:43 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 22:47 . 2009-05-12 21:31 76482 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-07 22:47 . 2009-05-12 21:31 468608 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-07 13:28 . 2009-09-07 13:23 -------- d-----w- c:\program files\SpywareGuard
2009-09-04 15:56 . 2009-09-04 15:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-08-31 16:28 . 2009-07-28 21:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Winamp
2009-08-27 09:46 . 2009-05-12 20:49 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-07 13:13 . 2009-08-07 13:01 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Apple Computer
2009-08-07 13:03 . 2009-08-07 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iTunes
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iPod
2009-08-07 13:00 . 2009-08-07 12:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\Bonjour
2009-08-07 13:00 . 2009-08-07 12:59 -------- d-----w- c:\program files\QuickTime
2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\program files\Apple Software Update
2009-07-31 19:15 . 2009-07-31 19:15 -------- d-----w- c:\program files\MSXML 4.0
2009-07-31 17:26 . 2009-07-31 17:25 -------- d-----w- c:\program files\ZC2.10
2009-07-29 10:41 . 2009-07-28 13:57 -------- d-----w- c:\program files\lg_fwupdate
2009-07-28 21:53 . 2009-07-28 21:51 -------- d-----w- c:\program files\Winamp
2009-07-28 14:01 . 2009-05-12 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 14:00 . 2009-07-28 13:45 -------- d-----w- c:\program files\CyberLink
2009-07-28 13:59 . 2009-07-28 13:54 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\program files\Nero
2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-28 13:48 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-28 13:46 . 2009-07-28 13:46 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\CyberLink
2009-07-28 13:44 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-27 14:19 . 2009-07-27 14:19 0 ----a-w- c:\windows\nsreg.dat
2009-07-09 10:16 . 2009-08-07 12:59 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-08-07 12:59 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-29 15:57 . 2009-05-12 21:31 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2009-05-12 21:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2009-05-12 21:31 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2009-05-12 21:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2009-05-12 21:31 81920 ----a-w- c:\windows\system32\fontsub.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-04_15.42.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 21:31 . 2009-09-07 22:47 62934 c:\windows\system32\perfc009.dat
- 2009-05-12 21:31 . 2009-09-04 15:35 62934 c:\windows\system32\perfc009.dat
+ 2009-09-04 16:31 . 2009-09-04 16:31 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-09-07 14:30 . 2009-09-07 14:30 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2009-05-12 21:31 . 2009-09-04 15:35 401272 c:\windows\system32\perfh009.dat
+ 2009-05-12 21:31 . 2009-09-07 22:47 401272 c:\windows\system32\perfh009.dat
+ 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-09-04 16:31 . 2009-09-04 16:31 1232896 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-09-07 14:30 . 2009-09-07 14:30 1232896 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 15:39 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2009-03-10 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-04-07 210216]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-27 17881088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nino Cioli\Menu Démarrer\Programmes\Démarrage\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-12 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2432:TCP"= 2432:TCP:yxavcvq
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/05/2009 22:58 55152]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [28/02/2008 17:39 53032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [12/05/2009 22:08 10752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 03:59 38912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/05/2009 22:04 1684736]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/05/2009 22:06 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/05/2009 23:14 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28/04/2009 07:47 39040]
.
Contents of the 'Scheduled Tasks' folder
2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Nino Cioli\Application Data\Mozilla\Firefox\Profiles\l3r2ppwg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 01:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(2216)
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Fichiers communs\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-07 1:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 23:07
ComboFix2.txt 2009-09-07 21:37
ComboFix3.txt 2009-09-07 14:24
ComboFix4.txt 2009-09-04 15:44
Pre-Run: 66 976 440 320 octets libres
Post-Run: 66 875 072 512 octets libres
357 --- E O F --- 2009-07-31 19:16
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_bottom_right.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_bottom_tile.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_left_tile.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_right_tile.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_left.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_left_bot.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_left_large.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_right.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_right_bot.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_right_large.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\pan_top_tile.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\popup_icon.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\popups_frame.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\popups_icon.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\preferences.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\preferences.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\privacy_icon.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\renamecustombutton.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\resettoolbar.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\search.js
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\search_frame.htm
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\search_icon.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\SettingTabActive.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\SettingTabNormal.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\SettingTabOver.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\sidebar_bg.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\sidebar_bottom.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\sidebar_left.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\sidebar_top.gif
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\ui\stylesheet.css
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\winamptb.cfg
c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\winamptbres.dll
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
c:\windows\system32\hsyos.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GAAILCA
-------\Service_gaailca
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.
2009-09-07 20:58 . 2009-09-07 21:13 -------- d-----w- C:\GenProc
2009-09-04 15:51 . 2009-09-04 15:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Malwarebytes
2009-09-04 15:50 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-04 15:50 . 2009-09-04 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 15:50 . 2009-09-04 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-04 15:50 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:01 . 2009-09-07 14:55 -------- d-----w- C:\FindyKill
2009-09-03 22:55 . 2009-09-03 22:57 -------- d-----w- c:\windows\avxoscan
2009-09-03 22:51 . 2009-09-03 22:51 -------- d-----w- c:\windows\BDOSCAN8
2009-09-03 22:49 . 2009-09-03 22:49 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Winamp Toolbar
2009-09-03 11:59 . 2009-09-04 10:14 -------- d-----w- c:\program files\C4U
2009-09-03 11:59 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
2009-09-03 11:59 . 2009-09-03 11:59 -------- d-----w- c:\documents and settings\Nino Cioli\WINDOWS
2009-08-31 16:44 . 2009-08-31 16:44 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\dvdcss
2009-08-31 16:44 . 2009-09-01 14:12 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\vlc
2009-08-31 16:43 . 2009-08-31 16:43 -------- d-----w- c:\program files\VideoLAN
2009-08-21 08:43 . 2009-08-21 08:43 -------- d-----w- c:\documents and settings\Nino Cioli\Local Settings\Application Data\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 22:47 . 2009-05-12 21:31 76482 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-07 22:47 . 2009-05-12 21:31 468608 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-07 13:28 . 2009-09-07 13:23 -------- d-----w- c:\program files\SpywareGuard
2009-09-04 15:56 . 2009-09-04 15:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-08-31 16:28 . 2009-07-28 21:51 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Winamp
2009-08-27 09:46 . 2009-05-12 20:49 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-07 13:13 . 2009-08-07 13:01 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\Apple Computer
2009-08-07 13:03 . 2009-08-07 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iTunes
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\iPod
2009-08-07 13:00 . 2009-08-07 12:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-07 13:00 . 2009-08-07 13:00 -------- d-----w- c:\program files\Bonjour
2009-08-07 13:00 . 2009-08-07 12:59 -------- d-----w- c:\program files\QuickTime
2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-07 12:59 . 2009-08-07 12:59 -------- d-----w- c:\program files\Apple Software Update
2009-07-31 19:15 . 2009-07-31 19:15 -------- d-----w- c:\program files\MSXML 4.0
2009-07-31 17:26 . 2009-07-31 17:25 -------- d-----w- c:\program files\ZC2.10
2009-07-29 10:41 . 2009-07-28 13:57 -------- d-----w- c:\program files\lg_fwupdate
2009-07-28 21:53 . 2009-07-28 21:51 -------- d-----w- c:\program files\Winamp
2009-07-28 14:01 . 2009-05-12 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 14:00 . 2009-07-28 13:45 -------- d-----w- c:\program files\CyberLink
2009-07-28 13:59 . 2009-07-28 13:54 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\program files\Nero
2009-07-28 13:54 . 2009-07-28 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-28 13:48 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-28 13:46 . 2009-07-28 13:46 -------- d-----w- c:\documents and settings\Nino Cioli\Application Data\CyberLink
2009-07-28 13:44 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-27 14:19 . 2009-07-27 14:19 0 ----a-w- c:\windows\nsreg.dat
2009-07-09 10:16 . 2009-08-07 12:59 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-08-07 12:59 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-29 15:57 . 2009-05-12 21:31 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2009-05-12 21:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2009-05-12 21:31 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2009-05-12 21:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2009-05-12 21:31 81920 ----a-w- c:\windows\system32\fontsub.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-04_15.42.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 21:31 . 2009-09-07 22:47 62934 c:\windows\system32\perfc009.dat
- 2009-05-12 21:31 . 2009-09-04 15:35 62934 c:\windows\system32\perfc009.dat
+ 2009-09-04 16:31 . 2009-09-04 16:31 8192 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-09-07 14:30 . 2009-09-07 14:30 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2009-05-12 21:31 . 2009-09-04 15:35 401272 c:\windows\system32\perfh009.dat
+ 2009-05-12 21:31 . 2009-09-07 22:47 401272 c:\windows\system32\perfh009.dat
+ 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-09-04 16:31 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-09-04 16:31 . 2009-09-04 16:31 1232896 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-09-07 14:30 . 2009-09-07 14:30 1232896 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 15:39 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2009-03-10 570664]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-04-07 210216]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-04-27 17881088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nino Cioli\Menu Démarrer\Programmes\Démarrage\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-12 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2432:TCP"= 2432:TCP:yxavcvq
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [12/05/2009 22:58 55152]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [28/02/2008 17:39 53032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [12/05/2009 22:08 10752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28/04/2009 03:59 38912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/05/2009 22:04 1684736]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [12/05/2009 22:06 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/05/2009 23:14 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [28/04/2009 07:47 39040]
.
Contents of the 'Scheduled Tasks' folder
2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Nino Cioli\Application Data\Mozilla\Firefox\Profiles\l3r2ppwg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 01:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\igfxdev.dll
- - - - - - - > 'explorer.exe'(2216)
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Fichiers communs\Nero\Shared\NL3\AdvrCntr3.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-07 1:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 23:07
ComboFix2.txt 2009-09-07 21:37
ComboFix3.txt 2009-09-07 14:24
ComboFix4.txt 2009-09-04 15:44
Pre-Run: 66 976 440 320 octets libres
Post-Run: 66 875 072 512 octets libres
357 --- E O F --- 2009-07-31 19:16
I don't know whether everything is fixed, but I can already thank you for restoring access to the antivirus sites. Is there something to do to check that everything is OK? An antivirus to download?
Anonymous user
8 Sept. 2009 at 01:14
You should have access to the antivirus sites again, can you confirm?