Cannot remove Rogue.InternetAntiVirus
Solved
marionette48
Posts: 147
Status: Member
Hello,
So, I can't manage to get rid of this infection detected by Malwarebytes Anti-Malware; here is the report:
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828
08/12/2009 08:40:13
mbam-log-2009-12-08 (08-40-13).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 302366
Temps écoulé: 2 hour(s), 7 minute(s), 44 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\parametername (Rogue.InternetAntiVirus) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
I'm eagerly awaiting your help!
Thanks
127 replies
OK. I don't want to muddle the topic, but since he doesn't seem to be replying:
=> run another scan with RSIT and then we'll know where we stand.
I think you have nothing left.
Logfile of random's system information tool 1.06 (written by random/random)
Run by rose at 2009-12-10 17:45:24
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 2046 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:41, on 10/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\rose\Desktop\RSIT(2).exe
C:\Program Files\trend micro\rose.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"Good, and I still have my Windows key problem, that is, right now I'm apparently only using a copy, whereas before I didn't have this problem; don't you think it's due to something you had me delete?"
I'd like an answer to this problem! Please
Do you have any toolbars?
Empty your quarantine.
Then there's only one thing left to do:
=> download ToolsCleaner by AceRothstein & Dj Quiou
=> start it
=> run the search and don't touch anything
=> click on Suppression (delete)
=> then on Quitter (quit)
=> post the report here: C:\TCleaner.txt
Re,
servabat: same remark gen-hackman made to you: what are you playing at?
Please stop butting into topics like that.
(sorry if I'm being a bit aggressive, but really...)
nathandre: AD-R has already been run, go back to page 1. We just need to fix the line; we'll see afterwards.
======
We're far from done!
There's an infection that keeps coming back:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\parametername (Rogue.InternetAntiVirus) -> Delete on reboot.
"Good, and I still have my Windows key problem, that is, right now I'm apparently only using a copy, whereas before I didn't have this problem; don't you think it's due to something you had me delete?"
A copy, meaning what? Do you have the original Windows CD? Have you activated your Windows? How long have you had this PC? Is it a laptop?
=======
If you are on Vista, disable UAC
/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\
_________________________________________________________________
>>>>>>>>>> ! The following software is not to be used lightly ! <<<<<<<<<<
> /!\ This software is VERY POWERFUL and can cause damage to your system /!\ <
>>>>>>>> ! Take your time to read the tutorials and the instructions ! <<<<<<<<
=========================================================
==========>>> !! Must read !! <<<==========
Download ComboFix (by sUBs) and save it to your desktop and nowhere else.
BEFORE using ComboFix:
▶ /!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
▶ (!) Temporarily disable (and only for as long as ComboFix is in use) the real-time protection of your antivirus, your antispyware and ALL your protection software (!).
( Tutorial if needed )
▶ Double-click ComboFix.exe to launch it (on Vista: right-click and choose "Run as administrator")
▶ Note:
On XP: the tool will ask you whether you want to install the Recovery Console (image).
Reconnect, then click "YES", and once the console is installed:
! Disconnect from the Internet (very important) !
▶ Answer Oui / Yes to the warning message so that the program starts scanning the PC.
!!!!! DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE, KEYBOARD.....) !!!!!
▶ At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it work.
▶ After the PC restarts, a report will open in Notepad at the end of the analysis.
▶ Re-enable all your defenses, come back to the forum and copy and paste the report into your next reply.
* Note:
(The report file Combofix.txt is then automatically saved to C:\Combofix.txt)
+
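The helper's point above is that the same registry value is reported scan after scan. As an added example (not code from the thread, from Malwarebytes or from any tool it names), here is a parser for the Malwarebytes 1.42 report format posted in this thread that reads several reports and flags detections recurring across scans; the second report is constructed from the first with a later date, standing in for a follow-up scan.

```python
"""Parse Malwarebytes' Anti-Malware 1.42 text reports and flag detections that
recur across scans, i.e. items reported as "Delete on reboot" that are still
there at the next scan (the situation in the thread).

Added example; not code from the thread or from Malwarebytes.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Report 1: the report posted in the thread (French-locale MBAM 1.42 output).
REPORT_1 = r"""Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3289
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828
08/12/2009 08:40:13
mbam-log-2009-12-08 (08-40-13).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 302366
Temps écoulé: 2 hour(s), 7 minute(s), 44 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\parametername (Rogue.InternetAntiVirus) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
"""

# Report 2: a CONSTRUCTED follow-up scan two days later (not from the thread),
# same detection again, used to exercise the recurrence check.
REPORT_2 = (REPORT_1.replace("08/12/2009 08:40:13", "10/12/2009 09:15:02")
            .replace("mbam-log-2009-12-08 (08-40-13)", "mbam-log-2009-12-10 (09-15-02)"))

DATE_RE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}$")
COUNT_RE = re.compile(r"^(?P<label>.+?):\s+(?P<n>\d+)$")
# Detection line shape: "<item> (<threat name>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>[^.]+)\.?$")


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Valeur(s) du Registre infectée(s)"
    item: str      # registry path, file path or process
    threat: str    # e.g. "Rogue.InternetAntiVirus"
    action: str    # e.g. "Delete on reboot"


@dataclass
class Report:
    scan_time: str = ""
    counts: Dict[str, int] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)


def parse_report(text: str) -> Report:
    """Walk the report line by line: the timestamp line, the numeric summary
    lines, then per-section detection lines. Lines like
    "(Aucun élément nuisible détecté)" carry no " -> " and are skipped."""
    report = Report()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DATE_RE.match(line):
            report.scan_time = line
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m.group("label")] = int(m.group("n"))
            continue
        if line.endswith(":"):        # a section header opens a detection list
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            report.detections.append(
                Detection(section, m.group("item"), m.group("threat"), m.group("action")))
    return report


def recurring_detections(reports: List[Report]) -> Dict[Detection, List[str]]:
    """Map each detection to the scan times it appeared in, keeping only those
    seen in two or more reports: the deferred deletion either failed or
    something still running on the machine recreates the value."""
    seen: Dict[Detection, List[str]] = {}
    for r in reports:
        for d in r.detections:
            seen.setdefault(d, []).append(r.scan_time)
    return {d: times for d, times in seen.items() if len(times) >= 2}


def triage(reports: List[Report]) -> List[str]:
    """One plain-language finding per recurring item, for the analyst's notes."""
    return [f"{d.threat}: {d.item} reported {len(times)}x ({', '.join(times)}); "
            f"action '{d.action}' did not stick"
            for d, times in sorted(recurring_detections(reports).items(), key=lambda kv: kv[0].item)]


if __name__ == "__main__":
    for finding in triage([parse_report(REPORT_1), parse_report(REPORT_2)]):
        print(finding)
```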
ComboFix 09-12-09.04 - rose 10/12/2009 20:01:42.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1400 [GMT 1:00]
Lancé depuis: c:\users\rose\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-10 au 2009-12-10 ))))))))))))))))))))))))))))))))))))
.
2009-12-10 19:13 . 2009-12-10 19:13 -------- d-----w- c:\users\rose\AppData\Local\temp
2009-12-10 19:13 . 2009-12-10 19:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-10 19:13 . 2009-12-10 19:13 -------- d-----w- c:\users\marion\AppData\Local\temp
2009-12-10 19:13 . 2009-12-10 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-10 11:19 . 2009-12-10 11:19 -------- d-----w- C:\_OTL
2009-12-10 02:03 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 02:03 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 02:03 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 14:51 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 09:25 . 2009-12-09 09:27 -------- d-----w- c:\users\rose\.housecall6.6
2009-12-09 09:25 . 2009-12-09 09:25 -------- d-----w- c:\windows\Sun
2009-12-08 22:14 . 2009-12-08 22:14 -------- d-----w- c:\users\rose\AppData\Roaming\Uniblue
2009-12-08 18:35 . 2009-12-09 14:38 81592 ----a-w- c:\users\rose\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-07 10:37 . 2009-12-07 10:37 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 00:31 . 2009-12-05 00:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-03 12:51 . 2009-12-07 10:16 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-02 15:00 . 2009-12-02 15:00 -------- d-----w- c:\users\rose\AppData\Roaming\Broad Intelligence
2009-12-02 14:40 . 2009-12-09 10:08 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-02 14:04 . 2009-12-02 14:04 -------- d-----w- c:\users\rose\AppData\Roaming\STOIK
2009-12-01 13:52 . 2009-12-01 13:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-29 14:02 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-11-29 14:02 . 2009-11-29 14:05 -------- d-----w- c:\program files\PDFCreator
2009-11-29 14:02 . 1998-07-13 01:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2009-11-29 14:02 . 1998-07-13 01:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-11-29 14:02 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-11-28 18:45 . 2009-12-08 22:22 -------- d-----w- c:\programdata\ma-config.com
2009-11-28 18:45 . 2009-12-08 22:22 -------- d-----w- c:\program files\ma-config.com
2009-11-28 18:18 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-28 18:18 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-28 18:18 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-28 18:18 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-11-28 18:18 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-28 18:18 . 2009-11-28 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-25 02:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 19:31 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 19:31 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-21 19:25 . 2009-12-10 15:17 -------- d-----w- c:\users\rose\Tracing
2009-11-21 15:42 . 2009-11-23 17:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 15:42 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\programdata\Avira
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\program files\Avira
2009-11-20 17:43 . 2009-12-09 09:26 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-20 17:38 . 2009-12-10 18:43 -------- d-----w- c:\program files\Trend Micro
2009-11-20 16:35 . 2009-04-11 06:32 27112 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-20 16:35 . 2009-04-11 06:32 19944 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-20 12:17 . 2009-11-20 12:17 -------- d-sh--w- c:\users\rose\AppData\Roaming\%APPDATA%
2009-11-20 10:23 . 2009-10-29 14:39 679936 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-20 10:23 . 2009-10-29 14:39 614400 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-19 11:52 . 2009-11-19 11:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-17 02:20 . 2009-11-17 02:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 02:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 02:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 02:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 02:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-12 08:15 . 2009-11-12 08:15 -------- d-----w- c:\users\rose\AppData\Local\TechSmith
2009-11-11 16:23 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 16:23 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 12:41 . 2006-11-02 15:48 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-10 12:41 . 2006-11-02 15:48 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-10 02:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 17:18 . 2006-08-20 10:18 -------- d-----w- c:\users\rose\AppData\Roaming\dvdcss
2009-12-09 09:45 . 2008-11-28 09:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-08 08:09 . 2009-05-21 09:36 -------- d-----w- c:\program files\CCleaner
2009-12-07 10:39 . 2009-10-13 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 07:55 . 2007-04-18 07:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-03 15:14 . 2009-10-13 16:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-10-13 16:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 16:16 . 2007-04-18 05:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 13:44 . 2007-04-18 05:44 -------- d-----w- c:\program files\Java
2009-11-28 20:45 . 2006-08-17 20:32 -------- d-----w- c:\users\rose\AppData\Roaming\Media Player Classic
2009-11-21 15:35 . 2008-04-14 15:34 -------- d-----w- c:\program files\Alwil Software
2009-11-21 06:40 . 2009-12-09 14:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 14:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 14:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 14:05 . 2008-11-28 06:18 -------- d-----w- c:\users\rose\AppData\Roaming\Audacity
2009-11-20 09:26 . 2009-10-13 17:19 183356 ----a-w- c:\users\rose\AppData\Roaming\HouseCall 6.6\Uninstaller.exe
2009-11-17 02:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 02:20 . 2009-11-17 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 02:19 . 2009-11-17 02:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-06 08:49 . 2009-11-06 08:49 -------- d-----w- c:\program files\Microsoft
2009-11-06 08:49 . 2008-04-05 13:51 -------- d-----w- c:\program files\Windows Live
2009-11-02 19:42 . 2009-10-03 08:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 17:08 . 2009-10-19 17:08 -------- d-----w- c:\programdata\TechSmith
2009-10-17 14:10 . 2009-10-17 14:10 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-16 19:40 . 2009-10-16 19:40 -------- d-----w- c:\programdata\eMule
2009-10-16 19:32 . 2009-10-15 14:30 -------- d-----w- c:\program files\Canon
2009-10-16 10:57 . 2009-10-16 10:57 -------- d-----w- c:\users\rose\AppData\Roaming\Canon
2009-10-15 14:29 . 2009-10-15 14:29 -------- d-----w- c:\program files\Common Files\Canon
2009-10-15 11:45 . 2009-10-15 11:45 -------- d-----w- c:\users\rose\AppData\Roaming\Ulead Systems
2009-10-14 06:34 . 2009-10-14 06:34 -------- d-----w- c:\program files\eMule
2009-10-13 22:41 . 2009-10-13 22:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-13 22:24 . 2009-10-13 06:16 -------- d-----w- c:\users\rose\AppData\Roaming\GeoVid
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\users\rose\AppData\Roaming\Malwarebytes
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\programdata\Malwarebytes
2009-10-13 15:50 . 2009-05-21 08:34 -------- d-----w- c:\program files\MSECACHE
2009-10-13 15:42 . 2009-01-04 17:55 -------- d-----w- c:\program files\Gadwin Systems
2009-10-13 06:15 . 2009-10-13 06:15 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-12 10:10 . 2009-10-03 10:13 -------- d-----w- c:\users\rose\AppData\Roaming\Eltima Software
2009-10-10 16:22 . 2009-10-10 16:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-10-10 16:22 . 2009-10-10 16:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-10-06 10:22 . 2009-10-06 10:22 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2009-10-01 01:02 . 2009-11-17 02:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 02:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 02:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 02:02 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 02:02 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 02:02 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 02:02 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 02:02 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 02:02 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 02:02 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 02:02 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 02:02 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 02:02 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 02:02 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-17 02:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 02:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 02:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 02:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 02:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 02:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 02:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 02:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 02:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 02:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 02:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 02:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 02:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 02:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 02:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 02:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 02:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 02:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 02:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-17 02:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-17 02:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 02:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 02:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 02:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 02:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 02:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 02:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 06:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^rose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\daemon.exe -autorun [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe -atboottime [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 14:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive]
2008-09-02 12:43 141312 ----a-w- c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive application]
2008-09-23 11:18 201304 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 10:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-01 13:45 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,31,25,6c,94,3b,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-458629341-677713502-4177817849-1000]
"EnableNotificationsRef"=dword:0000000d
R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [04/02/2009 10:14 284160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\System32\drivers\MDPMGRNT.SYS [04/02/2009 10:22 19456]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/11/2009 16:42 108289]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [10/05/2009 11:46 721904]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/06/2008 07:27 21504]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
S4 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26/11/2008 08:23 150528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
FF - ProfilePath - c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Gadwin PrintScreen Pro - c:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 20:13
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP00000023BF1A5BA1D8559E4A 524288 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro Tryout\\Settings\\DV - PAL\\Standard 48kHz.prpreset"
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2009-12-10 20:20:11
ComboFix-quarantined-files.txt 2009-12-10 19:20
Avant-CF: 12 331 196 416 octets libres
Après-CF: 13 163 663 360 octets libres
- - End Of File - - 1FF0F4C25CABC7DF1B9A035708E49DFF
Uninstall:
- Avast: https://www.commentcamarche.net/faq/7367-desinstaller-proprement-liens-et-astuces#avast
- Uniblue
- Trend Micro: https://www.commentcamarche.net/faq/7367-desinstaller-proprement-liens-et-astuces#pc-cillin-de-trend-micro
- Norton: https://www.commentcamarche.net/faq/7367-desinstaller-proprement-liens-et-astuces#norton-antivirus-et-norton-internet-security
==========
/!\ WARNING /!\ : This procedure was created specifically for THIS USER; copying it onto another system may cause serious malfunctions.
▶ Copy the text below:
KillAll::
File::
c:\windows\TEMP\TMP00000023BF1A5BA1D8559E4A
▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file under the name CFScript.txt
▶ /!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
▶ (!) Temporarily disable (only for as long as ComboFix is in use) the real-time protection of your antivirus, your antispyware programs and ALL of your protection software (!).
▶ Now drag the CFScript.txt file onto Combofix.exe, like this
=> This will relaunch Combofix,
▶ A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
▶ Wait while the scan runs. The desktop will disappear several times: that is normal!
/!\ Do not touch anything until the scan has finished /!\
▶ After the restart, post the contents of the Combofix.txt report
ComboFix 09-12-09.04 - rose 11/12/2009 11:44:59.4.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1184 [GMT 1:00]
Lancé depuis: c:\users\rose\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\rose\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\TEMP\TMP00000023BF1A5BA1D8559E4A"
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-11 au 2009-12-11 ))))))))))))))))))))))))))))))))))))
.
2009-12-11 10:53 . 2009-12-11 10:57 -------- d-----w- c:\users\rose\AppData\Local\temp
2009-12-11 10:53 . 2009-12-11 10:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-11 10:53 . 2009-12-11 10:53 -------- d-----w- c:\users\marion\AppData\Local\temp
2009-12-11 10:53 . 2009-12-11 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-10 11:19 . 2009-12-10 11:19 -------- d-----w- C:\_OTL
2009-12-10 02:03 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 02:03 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 02:03 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 14:51 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 09:25 . 2009-12-09 09:25 -------- d-----w- c:\windows\Sun
2009-12-08 22:14 . 2009-12-08 22:14 -------- d-----w- c:\users\rose\AppData\Roaming\Uniblue
2009-12-08 18:35 . 2009-12-09 14:38 81592 ----a-w- c:\users\rose\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-05 00:31 . 2009-12-05 00:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-03 12:51 . 2009-12-07 10:16 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-02 15:00 . 2009-12-02 15:00 -------- d-----w- c:\users\rose\AppData\Roaming\Broad Intelligence
2009-12-02 14:40 . 2009-12-09 10:08 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-02 14:04 . 2009-12-02 14:04 -------- d-----w- c:\users\rose\AppData\Roaming\STOIK
2009-12-01 13:52 . 2009-12-01 13:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-29 14:02 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-11-29 14:02 . 2009-11-29 14:05 -------- d-----w- c:\program files\PDFCreator
2009-11-29 14:02 . 1998-07-13 01:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2009-11-29 14:02 . 1998-07-13 01:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-11-29 14:02 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-11-28 18:45 . 2009-12-08 22:22 -------- d-----w- c:\programdata\ma-config.com
2009-11-28 18:45 . 2009-12-08 22:22 -------- d-----w- c:\program files\ma-config.com
2009-11-28 18:18 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-28 18:18 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-28 18:18 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-28 18:18 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-11-28 18:18 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-28 18:18 . 2009-11-28 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-25 02:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 19:31 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 19:31 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-21 19:25 . 2009-12-10 21:18 -------- d-----w- c:\users\rose\Tracing
2009-11-21 15:42 . 2009-11-23 17:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 15:42 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\programdata\Avira
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\program files\Avira
2009-11-20 17:43 . 2009-12-09 09:26 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-20 17:38 . 2009-12-10 20:06 -------- d-----w- c:\program files\Trend Micro
2009-11-20 16:35 . 2009-04-11 06:32 27112 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-20 16:35 . 2009-04-11 06:32 19944 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-20 12:17 . 2009-11-20 12:17 -------- d-sh--w- c:\users\rose\AppData\Roaming\%APPDATA%
2009-11-19 11:52 . 2009-11-19 11:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-17 02:20 . 2009-11-17 02:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 02:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 02:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 02:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 02:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-12 08:15 . 2009-11-12 08:15 -------- d-----w- c:\users\rose\AppData\Local\TechSmith
2009-11-11 16:23 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 16:23 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 23:59 . 2006-11-02 15:48 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-10 23:59 . 2006-11-02 15:48 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-10 02:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 17:18 . 2006-08-20 10:18 -------- d-----w- c:\users\rose\AppData\Roaming\dvdcss
2009-12-09 09:45 . 2008-11-28 09:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-08 08:09 . 2009-05-21 09:36 -------- d-----w- c:\program files\CCleaner
2009-12-07 10:39 . 2009-10-13 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 10:37 . 2009-12-07 10:37 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-07 07:55 . 2007-04-18 07:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-03 15:14 . 2009-10-13 16:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-10-13 16:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 16:16 . 2007-04-18 05:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 13:44 . 2007-04-18 05:44 -------- d-----w- c:\program files\Java
2009-11-28 20:45 . 2006-08-17 20:32 -------- d-----w- c:\users\rose\AppData\Roaming\Media Player Classic
2009-11-21 15:35 . 2008-04-14 15:34 -------- d-----w- c:\program files\Alwil Software
2009-11-21 06:40 . 2009-12-09 14:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 14:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 14:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 14:05 . 2008-11-28 06:18 -------- d-----w- c:\users\rose\AppData\Roaming\Audacity
2009-11-20 09:26 . 2009-10-13 17:19 183356 ----a-w- c:\users\rose\AppData\Roaming\HouseCall 6.6\Uninstaller.exe
2009-11-17 02:20 . 2009-11-17 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 02:19 . 2009-11-17 02:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-06 08:49 . 2009-11-06 08:49 -------- d-----w- c:\program files\Microsoft
2009-11-06 08:49 . 2008-04-05 13:51 -------- d-----w- c:\program files\Windows Live
2009-11-02 19:42 . 2009-10-03 08:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 14:39 . 2009-11-20 10:23 679936 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-10-29 14:39 . 2009-11-20 10:23 614400 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-10-19 17:08 . 2009-10-19 17:08 -------- d-----w- c:\programdata\TechSmith
2009-10-17 14:10 . 2009-10-17 14:10 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-16 19:40 . 2009-10-16 19:40 -------- d-----w- c:\programdata\eMule
2009-10-16 19:32 . 2009-10-15 14:30 -------- d-----w- c:\program files\Canon
2009-10-16 10:57 . 2009-10-16 10:57 -------- d-----w- c:\users\rose\AppData\Roaming\Canon
2009-10-15 14:29 . 2009-10-15 14:29 -------- d-----w- c:\program files\Common Files\Canon
2009-10-15 11:45 . 2009-10-15 11:45 -------- d-----w- c:\users\rose\AppData\Roaming\Ulead Systems
2009-10-14 06:34 . 2009-10-14 06:34 -------- d-----w- c:\program files\eMule
2009-10-13 22:41 . 2009-10-13 22:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-13 22:24 . 2009-10-13 06:16 -------- d-----w- c:\users\rose\AppData\Roaming\GeoVid
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\users\rose\AppData\Roaming\Malwarebytes
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\programdata\Malwarebytes
2009-10-13 15:50 . 2009-05-21 08:34 -------- d-----w- c:\program files\MSECACHE
2009-10-13 15:42 . 2009-01-04 17:55 -------- d-----w- c:\program files\Gadwin Systems
2009-10-13 06:15 . 2009-10-13 06:15 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-10 16:22 . 2009-10-10 16:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-10-10 16:22 . 2009-10-10 16:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-10-06 10:22 . 2009-10-06 10:22 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2009-10-01 01:02 . 2009-11-17 02:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 02:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 02:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 02:02 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 02:02 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 02:02 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 02:02 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 02:02 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 02:02 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 02:02 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 02:02 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 02:02 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 02:02 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 02:02 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-17 02:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 02:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 02:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 02:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 02:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 02:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 02:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 02:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 02:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 02:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 02:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 02:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 02:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 02:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 02:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 02:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 02:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 02:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 02:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-17 02:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-17 02:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 02:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 02:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 02:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 02:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 02:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 02:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 06:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^rose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\daemon.exe -autorun [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe -atboottime [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 14:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive]
2008-09-02 12:43 141312 ----a-w- c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive application]
2008-09-23 11:18 201304 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 10:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-01 13:45 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,31,25,6c,94,3b,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-458629341-677713502-4177817849-1000]
"EnableNotificationsRef"=dword:0000000d
R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [04/02/2009 10:14 284160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\System32\drivers\MDPMGRNT.SYS [04/02/2009 10:22 19456]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/11/2009 16:42 108289]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/06/2008 07:27 21504]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
S4 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26/11/2008 08:23 150528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
FF - ProfilePath - c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro Tryout\\Settings\\DV - PAL\\Standard 48kHz.prpreset"
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-12-11 12:07:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-11 11:07
ComboFix2.txt 2009-12-10 19:20
Avant-CF: 9 848 209 408 octets libres
Après-CF: 9 698 766 848 octets libres
- - End Of File - - 3C3889EB094186B35963FBA6E3537237
2009-10-01 01:01 . 2009-11-17 02:02 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 02:02 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 02:02 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 02:02 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 02:02 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 02:02 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 02:02 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 02:02 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-17 02:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 02:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 02:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 02:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 02:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 02:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 02:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 02:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 02:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 02:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 02:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 02:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 02:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 02:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 02:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 02:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 02:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 02:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 02:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-17 02:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-17 02:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 02:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 02:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 02:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 02:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 02:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 02:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 06:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^rose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\daemon.exe -autorun [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe -atboottime [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 14:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive]
2008-09-02 12:43 141312 ----a-w- c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive application]
2008-09-23 11:18 201304 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 10:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-01 13:45 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,31,25,6c,94,3b,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-458629341-677713502-4177817849-1000]
"EnableNotificationsRef"=dword:0000000d
R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [04/02/2009 10:14 284160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\System32\drivers\MDPMGRNT.SYS [04/02/2009 10:22 19456]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/11/2009 16:42 108289]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/06/2008 07:27 21504]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
S4 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26/11/2008 08:23 150528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
FF - ProfilePath - c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro Tryout\\Settings\\DV - PAL\\Standard 48kHz.prpreset"
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other running processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Finish time: 2009-12-11 12:07:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-11 11:07
ComboFix2.txt 2009-12-10 19:20
Pre-Run: 9 848 209 408 bytes free
Post-Run: 9 698 766 848 bytes free
- - End Of File - - 3C3889EB094186B35963FBA6E3537237
Re,
Quick question: before doing the CFScript step, did you uninstall the software listed, as explained?
Looks like you didn't uninstall anything ^^
/!\ WARNING /!\ : This procedure was created specifically for THIS USER; copying it onto another system can cause serious malfunctions.
▶ Copy the text below:
Folder::
c:\users\rose\AppData\Roaming\Uniblue
c:\program files\Alwil Software
c:\program files\Trend Micro
File::
c:\windows\system32\drivers\tmcomm.sys
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file under the name CFScript.txt
▶ /!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
▶ (!) Temporarily disable (and only for as long as ComboFix is running) the real-time protection of your antivirus, your antispyware and ALL your protection software (!).
▶ Now drag the CFScript.txt file onto Combofix.exe like this
=> This will relaunch Combofix,
▶ A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
▶ Wait for the scan to finish. The desktop will disappear several times: this is normal!
/!\ Do not touch anything until the scan has finished /!\
▶ After the reboot, post the contents of the Combofix.txt report
===========
Download List&Kill'em (by Gen-Hackman) and save the executable to your desktop.
! Disable your antivirus for the duration of the procedure, as well as your firewall if you have one !
! Disconnect and close all your running applications !
▶ Unzip List&kill'em.
▶ Double-click the icon on the desktop to launch it (on Vista: right-click > "Run as administrator").
▶ Choose the language you want and confirm with "Enter".
▶ At the second menu choose option 1: Search Mode
▶ Let the tool work.
-> A report named catchme appears on your desktop; ignore it, but do not delete it for now.
▶ Once the scan is finished, a report opens.
▶ Copy and paste the contents into your reply.
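Added example, not part of the thread and not ComboFix's own code: a small Python triage script that reads the "Reg load points" and file-listing lines of a ComboFix report like the ones posted above and flags what a helper looks at first (UAC switched off via EnableLUA=0, Security Center monitoring overridden per product, hidden+system folders literally named %APPDATA%), then emits the Registry:: block in the CFScript shape used in this thread. The sample lines are constructed from this thread's report; the finding labels, and the loose reading of the 8-letter attribute string ('h' hidden, 's' system), are this script's own assumptions.

```python
"""Triage of a ComboFix report: flag the load points a helper looks at first and
emit the matching CFScript Registry:: block.

Added example for this thread; not ComboFix's own code. The sample lines below are
constructed from the report posted in this thread; the finding labels are this
script's own.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: a few lines in the shape of the ComboFix report above.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
2009-11-20 12:17 . 2009-11-20 12:17 -------- d-sh--w- c:\users\rose\AppData\Roaming\%APPDATA%
2009-11-19 11:52 . 2009-11-19 11:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\program files\Avira
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$')
# "<date> <time> . <date> <time> <size|--------> <attrs> <path>"; attrs is the
# 8-letter string such as d-sh--w-, read loosely: 'h' hidden, 's' system (assumption).
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+'
    r'(?P<size>\S+)\s+(?P<attrs>[d-][a-z-]{7})\s+(?P<path>.+)$')

Finding = Tuple[str, str]  # (label, registry key or path)


def parse_int(val: str) -> Optional[int]:
    """Numeric value as ComboFix prints it: 'dword:00000001' or '0 (0x0)'."""
    val = val.strip()
    if val.lower().startswith('dword:'):
        return int(val[6:], 16)
    m = re.match(r'^-?\d+', val)
    return int(m.group()) if m else None


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m:
            name = m.group('name').lower()
            num = parse_int(m.group('val'))
            key = current_key.lower()
            # UAC fully off: an administrator account runs everything with its full token.
            if key.endswith(r'\policies\system') and name == 'enablelua' and num == 0:
                findings.append(('uac_disabled', current_key))
            # Security Center told to stop monitoring a product: a stale uninstall
            # leftover, or something masking the absence of real protection.
            elif r'\security center\monitoring' in key and name == 'disablemonitoring' and num == 1:
                findings.append(('sc_monitoring_disabled', current_key))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group('attrs'), m.group('path')
            # A real folder literally named %APPDATA%, hidden+system: the variable
            # was never expanded, which no ordinary installer does.
            if '%appdata%' in path.lower() and 'h' in attrs and 's' in attrs:
                findings.append(('literal_appdata_hidden_dir', path))
    return findings


def cfscript_registry_block(findings: List[Finding]) -> str:
    """Registry:: section in the CFScript shape used in this thread: delete the
    per-product Security Center overrides, leave the root Monitoring key alone."""
    keys = [key for label, key in findings
            if label == 'sc_monitoring_disabled'
            and not key.lower().endswith(r'\security center\monitoring')]
    if not keys:
        return ''
    return 'Registry::\n' + ''.join(f'[-{k}]\n' for k in keys)


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for label, where in found:
        print(f'{label:28} {where}')
    print(cfscript_registry_block(found), end='')
```

Run it on a saved ComboFix.txt by passing the file contents to triage(); the per-product keys it lists are exactly the two the helper's CFScript above deletes, and the two literal %APPDATA% folders match the d-sh--w- entries in the "Files created" section of the report that follows.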
ComboFix 09-12-09.04 - rose 11/12/2009 13:32:06.5.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1416 [GMT 1:00]
Running from: c:\users\rose\Desktop\ComboFix.exe
Command switches used :: c:\users\rose\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\drivers\tmcomm.sys"
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Alwil Software
c:\program files\Trend Micro
c:\program files\Trend Micro\rose.exe
c:\users\rose\AppData\Roaming\Uniblue
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\backup\091208.231953.zip
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\error.log
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\history\091208-231627_repair.xml
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\last_scan.dat
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\settings.dat
c:\windows\system32\drivers\tmcomm.sys
.
((((((((((((((((((((((((((((( Files created from 2009-11-11 to 2009-12-11 ))))))))))))))))))))))))))))))))))))
.
2009-12-11 12:41 . 2009-12-11 12:41 -------- d-----w- c:\users\rose\AppData\Local\temp
2009-12-11 12:41 . 2009-12-11 12:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-11 12:41 . 2009-12-11 12:41 -------- d-----w- c:\users\marion\AppData\Local\temp
2009-12-11 12:41 . 2009-12-11 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-10 11:19 . 2009-12-10 11:19 -------- d-----w- C:\_OTL
2009-12-10 02:03 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 02:03 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 02:03 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 14:51 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 09:25 . 2009-12-09 09:25 -------- d-----w- c:\windows\Sun
2009-12-08 18:35 . 2009-12-09 14:38 81592 ----a-w- c:\users\rose\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-07 10:37 . 2009-12-07 10:37 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 00:31 . 2009-12-05 00:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-03 12:51 . 2009-12-07 10:16 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-02 15:00 . 2009-12-02 15:00 -------- d-----w- c:\users\rose\AppData\Roaming\Broad Intelligence
2009-12-02 14:40 . 2009-12-09 10:08 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-02 14:04 . 2009-12-02 14:04 -------- d-----w- c:\users\rose\AppData\Roaming\STOIK
2009-12-01 13:52 . 2009-12-01 13:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-29 14:02 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-11-29 14:02 . 2009-11-29 14:05 -------- d-----w- c:\program files\PDFCreator
2009-11-29 14:02 . 1998-07-13 01:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2009-11-29 14:02 . 1998-07-13 01:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-11-29 14:02 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-11-28 18:45 . 2009-12-08 22:22 -------- d-----w- c:\programdata\ma-config.com
2009-11-28 18:45 . 2009-12-08 22:22 -------- d-----w- c:\program files\ma-config.com
2009-11-28 18:18 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-28 18:18 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-28 18:18 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-28 18:18 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-11-28 18:18 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-28 18:18 . 2009-11-28 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-25 02:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 19:31 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 19:31 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-21 19:25 . 2009-12-11 11:23 -------- d-----w- c:\users\rose\Tracing
2009-11-21 15:42 . 2009-11-23 17:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 15:42 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\programdata\Avira
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\program files\Avira
2009-11-20 16:35 . 2009-04-11 06:32 27112 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-20 16:35 . 2009-04-11 06:32 19944 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-20 12:17 . 2009-11-20 12:17 -------- d-sh--w- c:\users\rose\AppData\Roaming\%APPDATA%
2009-11-20 10:23 . 2009-10-29 14:39 679936 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-20 10:23 . 2009-10-29 14:39 614400 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-19 11:52 . 2009-11-19 11:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-17 02:20 . 2009-11-17 02:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 02:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 02:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 02:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 02:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-12 08:15 . 2009-11-12 08:15 -------- d-----w- c:\users\rose\AppData\Local\TechSmith
2009-11-11 16:23 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 16:23 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 23:59 . 2006-11-02 15:48 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-10 23:59 . 2006-11-02 15:48 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-10 02:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 17:18 . 2006-08-20 10:18 -------- d-----w- c:\users\rose\AppData\Roaming\dvdcss
2009-12-09 09:45 . 2008-11-28 09:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-08 08:09 . 2009-05-21 09:36 -------- d-----w- c:\program files\CCleaner
2009-12-07 10:39 . 2009-10-13 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 07:55 . 2007-04-18 07:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-03 15:14 . 2009-10-13 16:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-10-13 16:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 16:16 . 2007-04-18 05:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 13:44 . 2007-04-18 05:44 -------- d-----w- c:\program files\Java
2009-11-28 20:45 . 2006-08-17 20:32 -------- d-----w- c:\users\rose\AppData\Roaming\Media Player Classic
2009-11-21 06:40 . 2009-12-09 14:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 14:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 14:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 14:05 . 2008-11-28 06:18 -------- d-----w- c:\users\rose\AppData\Roaming\Audacity
2009-11-20 09:26 . 2009-10-13 17:19 183356 ----a-w- c:\users\rose\AppData\Roaming\HouseCall 6.6\Uninstaller.exe
2009-11-17 02:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 02:20 . 2009-11-17 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 02:19 . 2009-11-17 02:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-06 08:49 . 2009-11-06 08:49 -------- d-----w- c:\program files\Microsoft
2009-11-06 08:49 . 2008-04-05 13:51 -------- d-----w- c:\program files\Windows Live
2009-11-02 19:42 . 2009-10-03 08:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 17:08 . 2009-10-19 17:08 -------- d-----w- c:\programdata\TechSmith
2009-10-17 14:10 . 2009-10-17 14:10 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-16 19:40 . 2009-10-16 19:40 -------- d-----w- c:\programdata\eMule
2009-10-16 19:32 . 2009-10-15 14:30 -------- d-----w- c:\program files\Canon
2009-10-16 10:57 . 2009-10-16 10:57 -------- d-----w- c:\users\rose\AppData\Roaming\Canon
2009-10-15 14:29 . 2009-10-15 14:29 -------- d-----w- c:\program files\Common Files\Canon
2009-10-15 11:45 . 2009-10-15 11:45 -------- d-----w- c:\users\rose\AppData\Roaming\Ulead Systems
2009-10-14 06:34 . 2009-10-14 06:34 -------- d-----w- c:\program files\eMule
2009-10-13 22:41 . 2009-10-13 22:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-13 22:24 . 2009-10-13 06:16 -------- d-----w- c:\users\rose\AppData\Roaming\GeoVid
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\users\rose\AppData\Roaming\Malwarebytes
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\programdata\Malwarebytes
2009-10-13 15:50 . 2009-05-21 08:34 -------- d-----w- c:\program files\MSECACHE
2009-10-13 15:42 . 2009-01-04 17:55 -------- d-----w- c:\program files\Gadwin Systems
2009-10-13 06:15 . 2009-10-13 06:15 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-10 16:22 . 2009-10-10 16:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-10-10 16:22 . 2009-10-10 16:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-10-06 10:22 . 2009-10-06 10:22 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2009-10-01 01:02 . 2009-11-17 02:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 02:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 02:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 02:02 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 02:02 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 02:02 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 02:02 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 02:02 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 02:02 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 02:02 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 02:02 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 02:02 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 02:02 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 02:02 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-17 02:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 02:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 02:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 02:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 02:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 02:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 02:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 02:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 02:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 02:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 02:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 02:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 02:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 02:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 02:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 02:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 02:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 02:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 02:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-17 02:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-17 02:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 02:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 02:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 02:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 02:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 02:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 02:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 06:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^rose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\daemon.exe -autorun [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe -atboottime [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 14:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive]
2008-09-02 12:43 141312 ----a-w- c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive application]
2008-09-23 11:18 201304 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 10:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-01 13:45 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,31,25,6c,94,3b,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-458629341-677713502-4177817849-1000]
"EnableNotificationsRef"=dword:0000000d
R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [04/02/2009 10:14 284160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\System32\drivers\MDPMGRNT.SYS [04/02/2009 10:22 19456]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/11/2009 16:42 108289]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [10/05/2009 11:46 721904]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/06/2008 07:27 21504]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
S4 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26/11/2008 08:23 150528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
FF - ProfilePath - c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 13:41
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro Tryout\\Settings\\DV - PAL\\Standard 48kHz.prpreset"
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2009-12-11 13:47:47
ComboFix-quarantined-files.txt 2009-12-11 12:47
ComboFix2.txt 2009-12-11 11:07
ComboFix3.txt 2009-12-10 19:20
Avant-CF: 9 635 840 000 octets libres
Après-CF: 9 494 056 960 octets libres
- - End Of File - - F4ED158357BE07FA032E9AB410ABB744
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1416 [GMT 1:00]
Lancé depuis: c:\users\rose\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\rose\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\drivers\tmcomm.sys"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Alwil Software
c:\program files\Trend Micro
c:\program files\Trend Micro\rose.exe
c:\users\rose\AppData\Roaming\Uniblue
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\backup\091208.231953.zip
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\error.log
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\history\091208-231627_repair.xml
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\last_scan.dat
c:\users\rose\AppData\Roaming\Uniblue\RegistryBooster\settings.dat
c:\windows\system32\drivers\tmcomm.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-11 au 2009-12-11 ))))))))))))))))))))))))))))))))))))
.
2009-12-11 12:41 . 2009-12-11 12:41 -------- d-----w- c:\users\rose\AppData\Local\temp
2009-12-11 12:41 . 2009-12-11 12:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-11 12:41 . 2009-12-11 12:41 -------- d-----w- c:\users\marion\AppData\Local\temp
2009-12-11 12:41 . 2009-12-11 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-10 11:19 . 2009-12-10 11:19 -------- d-----w- C:\_OTL
2009-12-10 02:03 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 02:03 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 02:03 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 14:51 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 09:25 . 2009-12-09 09:25 -------- d-----w- c:\windows\Sun
2009-12-08 18:35 . 2009-12-09 14:38 81592 ----a-w- c:\users\rose\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-07 10:37 . 2009-12-07 10:37 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 00:31 . 2009-12-05 00:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-03 12:51 . 2009-12-07 10:16 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-02 15:00 . 2009-12-02 15:00 -------- d-----w- c:\users\rose\AppData\Roaming\Broad Intelligence
2009-12-02 14:40 . 2009-12-09 10:08 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-02 14:04 . 2009-12-02 14:04 -------- d-----w- c:\users\rose\AppData\Roaming\STOIK
2009-12-01 13:52 . 2009-12-01 13:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-29 14:02 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-11-29 14:02 . 2009-11-29 14:05 -------- d-----w- c:\program files\PDFCreator
2009-11-29 14:02 . 1998-07-13 01:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2009-11-29 14:02 . 1998-07-13 01:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-11-29 14:02 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-11-28 18:45 . 2009-12-08 22:22 -------- d-----w- c:\programdata\ma-config.com
2009-11-28 18:45 . 2009-12-08 22:22 -------- d-----w- c:\program files\ma-config.com
2009-11-28 18:18 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-28 18:18 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-28 18:18 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-28 18:18 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-11-28 18:18 . 2009-11-09 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-28 18:18 . 2009-11-28 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-25 02:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 19:31 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 19:31 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-21 19:25 . 2009-12-11 11:23 -------- d-----w- c:\users\rose\Tracing
2009-11-21 15:42 . 2009-11-23 17:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 15:42 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\programdata\Avira
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\program files\Avira
2009-11-20 16:35 . 2009-04-11 06:32 27112 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-20 16:35 . 2009-04-11 06:32 19944 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-20 12:17 . 2009-11-20 12:17 -------- d-sh--w- c:\users\rose\AppData\Roaming\%APPDATA%
2009-11-20 10:23 . 2009-10-29 14:39 679936 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-20 10:23 . 2009-10-29 14:39 614400 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-19 11:52 . 2009-11-19 11:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-17 02:20 . 2009-11-17 02:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 02:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 02:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 02:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 02:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-12 08:15 . 2009-11-12 08:15 -------- d-----w- c:\users\rose\AppData\Local\TechSmith
2009-11-11 16:23 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 16:23 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 23:59 . 2006-11-02 15:48 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-10 23:59 . 2006-11-02 15:48 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-10 02:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 17:18 . 2006-08-20 10:18 -------- d-----w- c:\users\rose\AppData\Roaming\dvdcss
2009-12-09 09:45 . 2008-11-28 09:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-08 08:09 . 2009-05-21 09:36 -------- d-----w- c:\program files\CCleaner
2009-12-07 10:39 . 2009-10-13 16:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 07:55 . 2007-04-18 07:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-03 15:14 . 2009-10-13 16:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-10-13 16:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 16:16 . 2007-04-18 05:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 13:44 . 2007-04-18 05:44 -------- d-----w- c:\program files\Java
2009-11-28 20:45 . 2006-08-17 20:32 -------- d-----w- c:\users\rose\AppData\Roaming\Media Player Classic
2009-11-21 06:40 . 2009-12-09 14:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 14:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 14:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 14:05 . 2008-11-28 06:18 -------- d-----w- c:\users\rose\AppData\Roaming\Audacity
2009-11-20 09:26 . 2009-10-13 17:19 183356 ----a-w- c:\users\rose\AppData\Roaming\HouseCall 6.6\Uninstaller.exe
2009-11-17 02:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 02:20 . 2009-11-17 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 02:19 . 2009-11-17 02:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-06 08:49 . 2009-11-06 08:49 -------- d-----w- c:\program files\Microsoft
2009-11-06 08:49 . 2008-04-05 13:51 -------- d-----w- c:\program files\Windows Live
2009-11-02 19:42 . 2009-10-03 08:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 17:08 . 2009-10-19 17:08 -------- d-----w- c:\programdata\TechSmith
2009-10-17 14:10 . 2009-10-17 14:10 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-16 19:40 . 2009-10-16 19:40 -------- d-----w- c:\programdata\eMule
2009-10-16 19:32 . 2009-10-15 14:30 -------- d-----w- c:\program files\Canon
2009-10-16 10:57 . 2009-10-16 10:57 -------- d-----w- c:\users\rose\AppData\Roaming\Canon
2009-10-15 14:29 . 2009-10-15 14:29 -------- d-----w- c:\program files\Common Files\Canon
2009-10-15 11:45 . 2009-10-15 11:45 -------- d-----w- c:\users\rose\AppData\Roaming\Ulead Systems
2009-10-14 06:34 . 2009-10-14 06:34 -------- d-----w- c:\program files\eMule
2009-10-13 22:41 . 2009-10-13 22:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-13 22:24 . 2009-10-13 06:16 -------- d-----w- c:\users\rose\AppData\Roaming\GeoVid
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\users\rose\AppData\Roaming\Malwarebytes
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\programdata\Malwarebytes
2009-10-13 15:50 . 2009-05-21 08:34 -------- d-----w- c:\program files\MSECACHE
2009-10-13 15:42 . 2009-01-04 17:55 -------- d-----w- c:\program files\Gadwin Systems
2009-10-13 06:15 . 2009-10-13 06:15 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-10 16:22 . 2009-10-10 16:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-10-10 16:22 . 2009-10-10 16:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-10-06 10:22 . 2009-10-06 10:22 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2009-10-01 01:02 . 2009-11-17 02:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 02:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 02:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 02:02 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 02:02 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 02:02 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 02:02 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 02:02 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 02:02 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 02:02 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 02:02 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 02:02 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 02:02 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 02:02 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-17 02:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 02:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 02:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 02:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 02:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 02:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 02:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 02:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 02:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 02:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 02:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 02:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 02:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 02:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 02:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 02:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 02:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 02:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 02:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-17 02:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-17 02:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 02:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 02:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 02:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 02:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 02:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 02:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 06:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^rose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\daemon.exe -autorun [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe -atboottime [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-10 14:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive]
2008-09-02 12:43 141312 ----a-w- c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive application]
2008-09-23 11:18 201304 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDrive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-09-03 10:39 4702208 ----a-w- c:\windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-01 13:45 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,31,25,6c,94,3b,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-458629341-677713502-4177817849-1000]
"EnableNotificationsRef"=dword:0000000d
R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [04/02/2009 10:14 284160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\System32\drivers\MDPMGRNT.SYS [04/02/2009 10:22 19456]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/11/2009 16:42 108289]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [10/05/2009 11:46 721904]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/06/2008 07:27 21504]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
S4 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26/11/2008 08:23 150528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
FF - ProfilePath - c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 13:41
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro Tryout\\Settings\\DV - PAL\\Standard 48kHz.prpreset"
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2009-12-11 13:47:47
ComboFix-quarantined-files.txt 2009-12-11 12:47
ComboFix2.txt 2009-12-11 11:07
ComboFix3.txt 2009-12-10 19:20
Avant-CF: 9 635 840 000 octets libres
Après-CF: 9 494 056 960 octets libres
- - End Of File - - F4ED158357BE07FA032E9AB410ABB744
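Three things in the ComboFix output above deserve more attention than the one MBAM hit the thread is about: under `policies\system` the log shows `EnableLUA = 0` (UAC switched off, so anything running as this administrator account is already fully elevated), under `security center\Monitoring` it shows `DisableMonitoring = 1` (Windows will no longer warn that antivirus or the firewall are off), and the file listing contains two hidden+system directories literally named `%APPDATA%` (one under `system32`, one under the user's `AppData\Roaming`), a name Windows never creates itself and which normally comes from an installer that failed to expand the variable. The List'em report that follows adds `Windows Firewall Status : Disabled`. The script below is an added example, not part of the thread and not code from ComboFix, MBAM or List'em: it parses a few constructed lines modelled on those log formats and flags exactly these weakened-posture indicators, so the same check can be run on a full log before reading the rest by hand.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the ComboFix and List'em excerpts in this thread
# (paraphrased lines in the same formats, not a verbatim copy of the poster's logs).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
2009-11-20 12:17 . 2009-11-20 12:17 -------- d-sh--w- c:\users\rose\AppData\Roaming\%APPDATA%
2009-11-19 11:52 . 2009-11-19 11:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-21 15:42 . 2009-11-21 15:42 -------- d-----w- c:\program files\Avira
Windows Firewall Status : Disabled
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
# ComboFix file/directory line: created . modified size attrs path
ENTRY_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+'
    r'(?P<size>\S+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$')


@dataclass
class Finding:
    rule: str
    detail: str


def reg_int(raw):
    """Turn the two integer spellings ComboFix uses ('0 (0x0)', 'dword:00000001') into an int."""
    m = re.match(r'dword:([0-9a-f]{8})$', raw, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-f]+\)$', raw, re.IGNORECASE)
    if m:
        return int(m.group(1))
    return None


def triage(log_text):
    """Return one Finding per line that shows a built-in protection switched off or a suspicious hidden dir."""
    findings = []
    current_key = ''
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key').lower()   # values that follow belong to this key
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group('name'), reg_int(m.group('raw'))
            if current_key.endswith(r'\policies\system') and name == 'EnableLUA' and value == 0:
                findings.append(Finding('uac_disabled',
                    'EnableLUA=0: UAC is off, admin processes run fully elevated with no consent prompt'))
            elif current_key.endswith(r'security center\monitoring') and name == 'DisableMonitoring' and value == 1:
                findings.append(Finding('security_center_silenced',
                    'DisableMonitoring=1: Security Center will not warn that AV or firewall are off'))
            continue
        m = ENTRY_RE.match(line)
        if m:
            attrs, path = m.group('attrs'), m.group('path')
            leaf = path.rsplit('\\', 1)[-1]
            # Heuristic: Windows never creates a directory literally named "%APPDATA%"; an installer
            # that failed to expand the variable did, and hidden+system (s, h) attributes on it
            # are a reason to look inside before the machine is declared clean.
            if attrs.startswith('d') and 's' in attrs and 'h' in attrs \
                    and leaf.startswith('%') and leaf.endswith('%'):
                findings.append(Finding('unexpanded_envvar_dir',
                    f'hidden/system directory with unexpanded name: {path}'))
            continue
        if re.match(r'^Windows Firewall Status\s*:\s*Disabled$', line, re.IGNORECASE):
            findings.append(Finding('firewall_disabled', 'Windows Firewall is disabled'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.rule}] {f.detail}')
```

Run it against the saved `ComboFix.txt` by passing the file's contents to `triage()`; the rules only look at the registry sections, the dated file listing and the List'em firewall line, so the rest of the log passes through untouched. None of these findings is itself an infection, which is why a scanner reports nothing for them; they are the settings a rogue antivirus typically turns off, and they have to be re-enabled by hand after the cleanup or the next dropper will run just as quietly.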
List'em by g3n-h@ckm@n 1.1.5.0
Thx to Chiquitine29.....& CCM team
User : rose (Administrateurs) # PC-DE-ROSE
Update on 11/12/2009 by g3n-h@ckm@n ::::: 12:00
Start at: 13:53:03 | 11/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 74,52 Go (8,89 Go free) [Vista] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 73,06 Go (23,65 Go free) [Data] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe 544
C:\Windows\system32\csrss.exe 620
C:\Windows\system32\wininit.exe 676
C:\Windows\system32\csrss.exe 688
C:\Windows\system32\services.exe 724
C:\Windows\system32\lsass.exe 740
C:\Windows\system32\lsm.exe 748
C:\Windows\system32\winlogon.exe 812
C:\Windows\system32\svchost.exe 936
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 1000
C:\Windows\system32\svchost.exe 1044
C:\Windows\System32\svchost.exe 1080
C:\Windows\system32\Ati2evxx.exe 1172
C:\Windows\System32\svchost.exe 1192
C:\Windows\System32\svchost.exe 1232
C:\Windows\system32\svchost.exe 1252
C:\Windows\system32\svchost.exe 1388
C:\Windows\system32\SLsvc.exe 1404
C:\Windows\system32\svchost.exe 1440
C:\Windows\system32\Ati2evxx.exe 1516
C:\Windows\system32\svchost.exe 1624
C:\Windows\System32\spoolsv.exe 1932
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1956
C:\Windows\system32\taskeng.exe 1964
C:\Windows\system32\svchost.exe 1984
C:\Windows\system32\agrsmsvc.exe 1664
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1776
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 1820
C:\Windows\system32\svchost.exe 2092
C:\Windows\system32\svchost.exe 2128
C:\Windows\system32\TODDSrv.exe 2320
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 2364
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 2404
C:\Windows\System32\svchost.exe 2468
C:\Windows\system32\SearchIndexer.exe 2504
C:\Windows\system32\Dwm.exe 2680
C:\Windows\system32\taskeng.exe 2820
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3672
C:\Windows\system32\conime.exe 244
C:\Windows\explorer.exe 3440
C:\Windows\explorer.exe 728
C:\Windows\system32\wbem\unsecapp.exe 3900
C:\Windows\system32\wbem\wmiprvse.exe 3944
C:\Windows\system32\SearchProtocolHost.exe 3888
C:\Windows\system32\SearchFilterHost.exe 3512
C:\Windows\system32\rundll32.exe 2932
C:\Users\rose\Desktop\List_Kill'em.scr 1948
C:\Windows\system32\cmd.exe 2112
C:\Windows\system32\wbem\wmiprvse.exe 2844
C:\Users\rose\AppData\Local\temp\6586.tmp\pv.exe 556
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
UacDisableNotify REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
NoDrives REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x2
Wlansvc : 0x2
SharedAccess : 0x2
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2
=========
=======
Drive :
=======
Windows Disk Defragmenter
Copyright (c) 2006 Microsoft Corp.
Analysis report for volume C: Vista
Volume size = 74.52 GB
Free space = 8.90 GB
Largest free space extent = 203 MB
File fragmentation percentage = 6 %
Note: on NTFS volumes, file fragments larger than 64 MB are not included in the fragmentation statistics.
This volume does not need to be defragmented.
==========
Programs
==========
Adobe
AIST
Apple Software Update
ATI
ATI Technologies
Audacity 1.3 Beta (Unicode)
Auto-IP Publisher
Avira
AviSynth 2.5
AVS4YOU
Bonjour
Camera Assistant Software for Toshiba
Canon
CCleaner
Common Files
DAEMON Tools Lite
desktop.ini
DVD Shrink
eMule
Fichiers communs
Free Offers from Freeze.com
Gadwin Systems
IDM
InstallShield Installation Information
Intel
Internet Explorer
InterVideo
Java
K-Lite Codec Pack
ltmoh
ma-config.com
Macromedia
Malwarebytes' Anti-Malware
Mediafour
Microsoft
Microsoft CAPICOM 2.1.0.2
Microsoft Games
Microsoft Office
Microsoft Silverlight
Movie Maker
Mozilla Firefox
MSBuild
MSECACHE
MSXML 4.0
My Company Name
PDFCreator
QuickTime
Realtek
Reference Assemblies
Spybot - Search & Destroy
Starcraft
Synaptics
TechSmith
TOSHIBA
Ulead Systems
Uninstall Information
VideoLAN
Winamp
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Components
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
WinRAR
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Windows\mbr.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\drivers
C:\Windows\System32\log.txt
¤¤¤¤¤¤¤¤¤¤ Keys :
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
=========
Rootkits
=========
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 13:57:40
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:60,e8,36,ff,0b,8c,11,73,63,a7,c4,a4,e7,52,4e,08,1a,eb,01,19,30,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:3d,2f,46,dc,7e,96,68,3e,81,c5,2c,e3,12,4c,65,f0,39,f9,0c,39,5a,..
"a0"=hex:20,01,00,00,ca,93,b4,1e,d5,6b,cd,59,96,8b,13,ef,ba,bd,ef,07,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:ed,ba,7a,17,95,6f,4c,58,bb,70,10,3b,01,1a,4f,76,6a,69,40,98,b1,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:ce,d9,bc,06,51,6e,cf,08,75,a0,f3,ed,92,9d,c5,4c,cc,f7,00,7c,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]
"hdf12"=hex:b1,4d,5c,c6,cc,c8,1e,7a,72,0f,fb,d6,61,92,1c,df,71,12,ce,69,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3]
"hdf12"=hex:9d,ba,b2,a1,8b,c3,c0,a9,94,e9,32,c3,38,33,53,49,a9,fa,0b,ce,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:60,e8,36,ff,0b,8c,11,73,63,a7,c4,a4,e7,52,4e,08,1a,eb,01,19,30,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:3d,2f,46,dc,7e,96,68,3e,81,c5,2c,e3,12,4c,65,f0,39,f9,0c,39,5a,..
"a0"=hex:20,01,00,00,ca,93,b4,1e,d5,6b,cd,59,96,8b,13,ef,ba,bd,ef,07,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:ed,ba,7a,17,95,6f,4c,58,bb,70,10,3b,01,1a,4f,76,6a,69,40,98,b1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:ce,d9,bc,06,51,6e,cf,08,75,a0,f3,ed,92,9d,c5,4c,cc,f7,00,7c,a2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]
"hdf12"=hex:b1,4d,5c,c6,cc,c8,1e,7a,72,0f,fb,d6,61,92,1c,df,71,12,ce,69,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3]
"hdf12"=hex:9d,ba,b2,a1,8b,c3,c0,a9,94,e9,32,c3,38,33,53,49,a9,fa,0b,ce,db,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
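Two of the most consequential items in the report above are easy to miss among the noise: the Policies\System block records EnableLUA = 0 (UAC switched off, so an admin account runs everything with a full token and a rogue needs no prompt to persist) and the report header states the Windows Firewall status. The script below, an added example that is not part of the original post or of the List_Kill'em tool, parses the report's own line formats (the `[key]` headers, `name REG_DWORD n (0xn)` values and `service : 0xN` start types) into a small structure and applies a few triage rules. The sample text is constructed from lines in the shape of this report; the thresholds and the set of watched services are the example's own choices.

```python
"""Triage checks over a List_Kill'em-style report (added example, not the tool's code)."""
import re

# Constructed sample copied in the shape of the report above; not the full log.
SAMPLE_LOG = r"""
Windows Firewall Status : Disabled
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
SharedAccess : 0x2
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2
=========
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r"^(\S+)\s+REG_DWORD\s+(\d+)\s+\(0x[0-9A-Fa-f]+\)$")
SERVICE_RE = re.compile(r"^(\S+)\s*:\s*0x([0-9A-Fa-f]+)$")
FIREWALL_RE = re.compile(r"^Windows Firewall Status\s*:\s*(\w+)$")

POLICY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# Services whose start type matters for the machine's self-defence (example's own list).
WATCHED_SERVICES = {
    "SharedAccess": "Windows Firewall / ICS",
    "windefend": "Windows Defender",
    "wuauserv": "Windows Update",
    "wscsvc": "Security Center",
}
SERVICE_DISABLED = 0x4  # SCM start type: 2 = automatic, 3 = manual, 4 = disabled


def parse_log(text):
    """Pull the firewall line, the Policies\\System DWORDs and the service start types."""
    report = {"firewall": None, "policies": {}, "services": {}}
    current = None  # registry key of the section we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            report["firewall"] = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if current == POLICY_KEY.lower():
            m = DWORD_RE.match(line)
            if m:
                report["policies"][m.group(1)] = int(m.group(2))
        elif current == SERVICES_KEY.lower():
            m = SERVICE_RE.match(line)
            if m:
                report["services"][m.group(1)] = int(m.group(2), 16)
    return report


def triage(report):
    """Return human-readable findings for the settings a rogue typically relies on."""
    findings = []
    fw = report["firewall"]
    if fw and fw.lower() != "enabled":
        findings.append("Windows Firewall is %s" % fw)
    pol = report["policies"]
    if pol.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, admin-token processes run fully elevated")
    if pol.get("DisableRegistryTools") == 1:
        findings.append("DisableRegistryTools=1: regedit is blocked for this user")
    for name, label in WATCHED_SERVICES.items():
        if report["services"].get(name) == SERVICE_DISABLED:
            findings.append("%s (%s) start type is Disabled" % (label, name))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print("-", finding)
```

On the sample the script reports only the two findings named above; the four watched services are at start type 0x2 (automatic), so nothing is flagged there. The catchme section is deliberately not parsed: the hidden keys it lists under Services\sptd\Cfg carry "p0"="C:\Program Files\DAEMON Tools Lite\" and belong to the SPTD driver that DAEMON Tools installs, which hides its configuration by design, so that block needs a human decision rather than a rule.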