IE ad problem

Solved/Closed
delire-69 - 26 Nov. 2008 at 23:05
 Maniac pokémon - 12 Mar. 2009 at 16:46
Hello, for the past 2 days I have had ads that appear as soon as Windows starts. I have tried several programs to stop this but nothing works. I ran a HijackThis scan but I don't know what I am supposed to do with all of this lol

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:18, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Users\maud\AppData\Roaming\gadcom\gadcom.exe
C:\Windows\System32\rundll32.exe
C:\Users\maud\AppData\Roaming\Twain\Twain.exe
C:\Windows\System32\rundll32.exe
C:\Users\maud\AppData\Local\Temp\clipsrv.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\maud\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F3 - REG:win.ini: load=C:\Users\maud\AppData\Local\Temp\clipsrv.exe
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [gadcom] "C:\Users\maud\AppData\Roaming\gadcom\gadcom.exe" 61A847B5BBF72810339E3F466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\maud\AppData\Local\Temp\fccaYssT.dll,c
O4 - HKCU\..\Run: [Twain] C:\Users\maud\AppData\Roaming\Twain\Twain.exe
O4 - HKCU\..\Run: [22d74454] rundll32.exe "C:\Users\maud\AppData\Local\Temp\ctqyhqgr.dll",b
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\maud\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D307E1CC-267F-44F2-8075-F4B1E056916C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

143 replies

Anonymous user
29 Nov. 2008 at 02:00
see if you can just copy it
0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 02:01
yes, so what do I do?
0
Anonymous user
29 Nov. 2008 at 02:01
is there a .BAT file inside?
0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 02:01
no
0

Anonymous user
29 Nov. 2008 at 02:08
list them for me please....exe, dll, then

see if you can scan the whole folder here:

https://www.virustotal.com/gui/
0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 02:11
first there is a subfolder language with

Arabic.bmp
Arabic.ini
English.bmp
English.ini

then in the folder itself there is:

chiefzip.dll
icon.bmp
isxdl.dll
Partner.inf
rkverify.exe
unins000.dat
unins000.exe
vc.exe
vcs.chm
vcs.skn
wmfdist.exe
wmpcdcs8.exe
0
Anonymous user
29 Nov. 2008 at 02:14
double-click on this....what is the picture?:

icon.bmp
0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 02:14
a pair of scissors
0
Anonymous user
29 Nov. 2008 at 02:16
are you ripping DVDs?
0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 02:16
no, I don't even know what ripping means
0
Anonymous user
29 Nov. 2008 at 02:24
afterwards also have this scanned:

c:\users\maud\AppData\Roaming\wklnhst.dat
0
Anonymous user
29 Nov. 2008 at 02:24
breaking its protection and making a copy of it (illegal of course)=
0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 02:26
so what do I have to do, basically?
0
Anonymous user
29 Nov. 2008 at 02:49
can I have the Lop S&D option 2 report please ??????
0
Anonymous user
29 Nov. 2008 at 02:51
c:\users\maud\AppData\Roaming\wklnhst.dat
c:\program files\SoftwareClub.ws

to be scanned on:

https://www.virustotal.com/gui/
0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 02:51
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
USER : maud ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:455 Go (Free:239 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - FAT32 - Total:74 Go (Free:23 Go)
N:\ (CD or DVD)
O:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 29/11/2008| 2:49 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[22/07/2008|21:24] C:\Users\maud\AppData\Local\Adobe
[19/07/2008|20:31] C:\Users\maud\AppData\Local\Ahead
[03/07/2008|11:14] C:\Users\maud\AppData\Local\Apple
[17/07/2008|22:00] C:\Users\maud\AppData\Local\Apple Computer
[11/02/2008|17:30] C:\Users\maud\AppData\Local\Application Data
[18/07/2008|00:56] C:\Users\maud\AppData\Local\assembly
[11/02/2008|17:34] C:\Users\maud\AppData\Local\ATI
[12/11/2008|19:04] C:\Users\maud\AppData\Local\Autodesk
[19/02/2008|11:18] C:\Users\maud\AppData\Local\d3d9caps.dat
[28/11/2008|18:57] C:\Users\maud\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[28/09/2008|20:18] C:\Users\maud\AppData\Local\DNA
[04/07/2008|19:20] C:\Users\maud\AppData\Local\eMule
[05/08/2008|20:22] C:\Users\maud\AppData\Local\free-downloads.net
[12/11/2008|19:09] C:\Users\maud\AppData\Local\GDIPFONTCACHEV1.DAT
[04/08/2008|19:00] C:\Users\maud\AppData\Local\Google
[11/02/2008|17:34] C:\Users\maud\AppData\Local\Hewlett-Packard
[11/02/2008|17:30] C:\Users\maud\AppData\Local\Historique
[26/11/2008|23:22] C:\Users\maud\AppData\Local\Microsoft
[11/10/2008|17:30] C:\Users\maud\AppData\Local\Microsoft Games
[09/09/2008|18:56] C:\Users\maud\AppData\Local\Microsoft Help
[02/07/2008|20:42] C:\Users\maud\AppData\Local\Mozilla
[09/10/2008|19:19] C:\Users\maud\AppData\Local\Nero
[30/09/2008|18:38] C:\Users\maud\AppData\Local\NFS Underground 2
[13/10/2008|20:30] C:\Users\maud\AppData\Local\Readon_Technology
[29/11/2008|02:49] C:\Users\maud\AppData\Local\Temp
[11/02/2008|17:30] C:\Users\maud\AppData\Local\Temporary Internet Files
[11/08/2008|18:55] C:\Users\maud\AppData\Local\Thinstall
[02/07/2008|22:27] C:\Users\maud\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[28/11/2008 22:20][--ah-----] C:\Windows\tasks\SA.DAT
[28/11/2008 22:13][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[11/10/2008|19:15] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[22/07/2008|21:33] C:\ProgramData\Adobe
[03/07/2008|11:14] C:\ProgramData\Apple
[01/08/2008|20:58] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[26/11/2007|18:14] C:\ProgramData\ATI
[18/11/2008|19:31] C:\ProgramData\Autodesk
[25/11/2008|19:41] C:\ProgramData\Avira
[11/02/2008|17:24] C:\ProgramData\Bureau
[09/10/2008|20:53] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[09/10/2008|22:10] C:\ProgramData\Droppix
[23/10/2008|11:30] C:\ProgramData\EmailNotifier
[28/09/2008|20:23] C:\ProgramData\eMule
[04/08/2008|16:58] C:\ProgramData\EPSON
[11/02/2008|17:24] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[04/08/2008|19:00] C:\ProgramData\Google
[28/11/2008|16:50] C:\ProgramData\Google Updater
[05/08/2008|23:46] C:\ProgramData\Grisoft
[11/02/2008|17:34] C:\ProgramData\Hewlett-Packard
[26/11/2007|18:15] C:\ProgramData\HP
[26/11/2007|18:15] C:\ProgramData\hpzinstall.log
[05/08/2008|22:07] C:\ProgramData\Laconic Software
[18/07/2008|01:37] C:\ProgramData\Lavasoft
[09/10/2008|12:49] C:\ProgramData\LightScribe
[23/10/2008|11:30] C:\ProgramData\Megaupload
[11/02/2008|17:24] C:\ProgramData\Menu Démarrer
[18/07/2008|00:51] C:\ProgramData\Messenger Plus!
[27/10/2008|16:56] C:\ProgramData\Microsoft
[09/09/2008|19:00] C:\ProgramData\Microsoft Help
[11/02/2008|17:24] C:\ProgramData\Modèles
[26/11/2007|18:21] C:\ProgramData\muvee Technologies
[09/10/2008|20:24] C:\ProgramData\Nero
[28/11/2008|21:31] C:\ProgramData\ntuser.pol
[26/11/2007|18:26] C:\ProgramData\PC-Doctor
[04/08/2008|19:09] C:\ProgramData\Skype
[28/11/2008|18:58] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/07/2008|20:53] C:\ProgramData\Symantec
[02/11/2006|14:02] C:\ProgramData\Templates
[04/08/2008|17:03] C:\ProgramData\UDL
[08/10/2008|19:51] C:\ProgramData\vsosdk
[20/06/2008|14:27] C:\ProgramData\WildTangent
[03/08/2008|22:56] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[03/11/2008|22:09] C:\Program Files\Adobe
[29/11/2008|00:15] C:\Program Files\Ad-remover
[05/08/2008|10:23] C:\Program Files\Alcohol Soft
[11/08/2008|16:22] C:\Program Files\Apple Software Update
[03/11/2008|22:01] C:\Program Files\ArcSoft
[26/11/2007|18:10] C:\Program Files\ATI
[26/11/2007|18:11] C:\Program Files\ATI Technologies
[05/07/2008|06:26] C:\Program Files\Audacity
[12/11/2008|19:08] C:\Program Files\AutoCAD 2008
[12/11/2008|19:03] C:\Program Files\Autodesk
[12/11/2008|18:54] C:\Program Files\Autodesk Network License Manager
[25/11/2008|19:41] C:\Program Files\Avira
[09/10/2008|21:18] C:\Program Files\BitTorrent
[11/10/2008|19:14] C:\Program Files\Bonjour
[27/11/2008|00:01] C:\Program Files\Common Files
[05/08/2008|10:23] C:\Program Files\Conduit
[22/10/2008|22:12] C:\Program Files\Counter-Strike Source
[26/11/2007|18:21] C:\Program Files\CyberLink
[03/07/2008|19:08] C:\Program Files\DD PlayCam
[28/09/2008|20:18] C:\Program Files\DNA
[09/10/2008|22:10] C:\Program Files\Droppix
[27/11/2007|02:07] C:\Program Files\EasyBits
[06/08/2008|17:49] C:\Program Files\EasyBits For Kids
[30/09/2008|21:56] C:\Program Files\Electronic Arts
[04/07/2008|19:18] C:\Program Files\eMule
[22/07/2008|23:34] C:\Program Files\EoRezo
[04/08/2008|17:01] C:\Program Files\epson
[04/07/2008|16:13] C:\Program Files\Exact Audio Copy
[11/02/2008|17:24] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[05/08/2008|10:23] C:\Program Files\free-downloads.net
[28/11/2008|22:17] C:\Program Files\Google
[26/11/2007|18:28] C:\Program Files\Hewlett-Packard
[26/11/2007|18:23] C:\Program Files\HP
[26/11/2007|18:31] C:\Program Files\HP Games
[08/10/2008|19:01] C:\Program Files\HT MPEG Encoder 7.0 Trial
[26/11/2008|23:44] C:\Program Files\InstallShield Installation Information
[26/11/2007|18:10] C:\Program Files\Intel
[04/07/2008|19:50] C:\Program Files\Internet Explorer
[11/10/2008|19:15] C:\Program Files\iPod
[11/10/2008|19:15] C:\Program Files\iTunes
[27/11/2008|17:44] C:\Program Files\Java
[04/08/2008|22:47] C:\Program Files\Kick Shot Pool
[18/07/2008|01:35] C:\Program Files\Lavasoft
[06/10/2008|21:21] C:\Program Files\LimeWire
[28/11/2008|20:05] C:\Program Files\Lopxp
[09/10/2008|21:16] C:\Program Files\LuckyTender
[05/08/2008|20:04] C:\Program Files\MediaCoder
[23/10/2008|11:29] C:\Program Files\Megaupload
[23/10/2008|11:30] C:\Program Files\MegauploadToolbar
[04/09/2008|14:00] C:\Program Files\Messenger Plus! Live
[09/10/2008|18:35] C:\Program Files\Micro Application
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[12/11/2008|19:02] C:\Program Files\Microsoft Office
[21/10/2008|16:25] C:\Program Files\Microsoft Silverlight
[09/09/2008|18:59] C:\Program Files\Microsoft Visual Studio
[09/09/2008|18:58] C:\Program Files\Microsoft Works
[09/09/2008|18:58] C:\Program Files\Microsoft.NET
[04/07/2008|19:50] C:\Program Files\Movie Maker
[25/11/2008|17:14] C:\Program Files\Mozilla Firefox
[09/09/2008|18:59] C:\Program Files\MSBuild
[03/07/2008|19:09] C:\Program Files\MSXML 4.0
[26/11/2007|18:21] C:\Program Files\muvee Technologies
[09/10/2008|20:06] C:\Program Files\Nero
[14/10/2008|16:39] C:\Program Files\OpenOffice.org 2.4
[27/11/2008|00:01] C:\Program Files\OrangeHSS
[26/11/2007|18:39] C:\Program Files\PC-Doctor 5 for Windows
[10/09/2008|20:45] C:\Program Files\QuickTime
[26/11/2007|18:13] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[04/08/2008|22:47] C:\Program Files\ReflexiveArcade
[05/08/2008|22:42] C:\Program Files\RelevantKnowledge
[05/07/2008|06:10] C:\Program Files\Replay Music
[26/11/2008|23:44] C:\Program Files\SAGEM
[26/11/2007|18:32] C:\Program Files\Services en ligne
[04/08/2008|19:09] C:\Program Files\Skype
[03/08/2008|22:41] C:\Program Files\SoftwareClub.ws
[26/11/2008|23:47] C:\Program Files\Spybot - Search & Destroy
[22/07/2008|23:35] C:\Program Files\Steam
[28/11/2008|22:50] C:\Program Files\trend micro
[18/07/2008|00:55] C:\Program Files\Tronics
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[03/07/2008|19:18] C:\Program Files\VideoCAM Trek
[14/07/2008|20:58] C:\Program Files\VideoLAN
[04/07/2008|19:50] C:\Program Files\Windows Calendar
[04/07/2008|19:50] C:\Program Files\Windows Collaboration
[04/07/2008|19:50] C:\Program Files\Windows Defender
[04/07/2008|19:50] C:\Program Files\Windows Journal
[02/07/2008|21:53] C:\Program Files\Windows Live
[16/10/2008|18:44] C:\Program Files\Windows Mail
[04/11/2008|19:38] C:\Program Files\Windows Media Components
[04/07/2008|19:50] C:\Program Files\Windows Media Player
[11/02/2008|17:24] C:\Program Files\Windows NT
[04/07/2008|19:50] C:\Program Files\Windows Photo Gallery
[04/07/2008|19:50] C:\Program Files\Windows Sidebar
[02/07/2008|22:00] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[03/11/2008|22:09] C:\Program Files\Common Files\Adobe
[09/10/2008|20:33] C:\Program Files\Common Files\Ahead
[10/09/2008|20:45] C:\Program Files\Common Files\Apple
[12/11/2008|19:08] C:\Program Files\Common Files\Autodesk Shared
[09/10/2008|19:44] C:\Program Files\Common Files\Codejock Software
[12/11/2008|19:02] C:\Program Files\Common Files\DESIGNER
[09/10/2008|22:11] C:\Program Files\Common Files\Droppix
[26/11/2007|18:15] C:\Program Files\Common Files\HP
[04/08/2008|17:05] C:\Program Files\Common Files\InstallShield
[26/11/2007|18:23] C:\Program Files\Common Files\Java
[08/10/2008|20:36] C:\Program Files\Common Files\LightScribe
[26/11/2007|18:21] C:\Program Files\Common Files\LS Getting Started
[12/11/2008|19:02] C:\Program Files\Common Files\microsoft shared
[26/11/2007|18:21] C:\Program Files\Common Files\muvee Technologies
[09/10/2008|20:24] C:\Program Files\Common Files\Nero
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[04/08/2008|19:09] C:\Program Files\Common Files\Skype
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[02/07/2008|21:03] C:\Program Files\Common Files\Symantec Shared
[09/09/2008|18:57] C:\Program Files\Common Files\System
[10/10/2008|23:08] C:\Program Files\Common Files\Totem Shared
[03/07/2008|19:18] C:\Program Files\Common Files\VCAMTrek
[02/07/2008|21:49] C:\Program Files\Common Files\WindowsLiveInstaller
[26/11/2008|21:41] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 65 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 02:50:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\maud\AppData\Roaming\LimeWire\.AppSpecialShare\Kaspersky Anti-Virus 2009 8.0.0.357 +Lifetime Keygen.EXE.torrent
C:\Users\maud\AppData\Roaming\Microsoft\Office\Recent\crack nocd nfs need for speed carbon fr.LNK
C:\Users\maud\AppData\Roaming\Microsoft\Windows\Recent\Bluetooth Remote Control 2.0 RC6 Regged no serial(crack).lnk
C:\Users\maud\Music\Eminem\VA-Eminem_Presents_The_Re-Up-2006-RNS\VA-Eminem_Presents_The_Re-Up-2006-RNS\08-eminem_and_50_cent-jimmy_crack_corn.mp3
C:\Users\maud\Music\Rockin-Squat\Rockin__Squat_-_Too_Hot_For_TV-2007-BY_POPOF\Rockin' Squat - Too Hot For TV-2007-BY POPOF\05 Crack game.mp3


[F:64][D:375]-> C:\Users\maud\AppData\Local\Temp
[F:120][D:1]-> C:\Users\maud\AppData\Roaming\MICROS~1\Windows\Cookies
[F:7][D:4]-> C:\Users\maud\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:64][D:15]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 29/11/2008| 0:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 29/11/2008| 0:51 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 29/11/2008| 2:51 - Option : [2]

--------------------\\ Fin du rapport a 2:51:24
[ UAC => 1 ]
0
Anonymous user
29 Nov. 2008 at 02:57
well, I think you are going to have to run Combofix again in safe mode
0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 02:58
again? but what is it that I have in my PC grrrrrr
0
Anonymous user
29 Nov. 2008 at 03:23
let me explain one thing ...you said you don't know how to rip ??????

well, the SoftwareClub.ws software is RIP software +

once the CD is ripped, one only has to read your RSIT to see what the copy is made with .....:

Droppix DVD Maker 1.5.0-->"C:\Program Files\Droppix\Droppix DVD Maker\unins000.exe"
Droppix Label Maker 2.9.2-->"C:\Program Files\Droppix\Droppix Label Maker\unins000.exe"

never mind

try to compress it in safe mode and delete

0
delire-69 Posts: 54 Registration date: Monday 4 August 2008 Status: Member Last activity: 26 May 2010
29 Nov. 2008 at 03:27
ComboFix 08-11-28.02 - maud 2008-11-29 3:14:56.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.250.1036.18.2586 [GMT 1:00]
Running from: c:\users\maud\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 00:29 --------- d-----w c:\users\maud\AppData\Roaming\LimeWire
2008-11-28 23:15 --------- d-----w c:\program files\Ad-remover
2008-11-28 21:50 --------- d-----w c:\program files\trend micro
2008-11-28 21:17 691 ----a-w c:\users\maud\AppData\Roaming\GetValue.vbs
2008-11-28 21:17 35 ----a-w c:\users\maud\AppData\Roaming\SetValue.bat
2008-11-28 21:17 --------- d-----w c:\program files\Google
2008-11-28 19:05 --------- d-----w c:\program files\Lopxp
2008-11-28 17:58 --------- d-----w c:\progra~2\Spybot - Search & Destroy
2008-11-28 15:50 --------- d-----w c:\progra~2\Google Updater
2008-11-28 15:46 --------- d-----w c:\users\maud\AppData\Roaming\Twain
2008-11-27 16:44 410,976 ----a-w c:\windows\System32\deploytk.dll
2008-11-27 16:44 --------- d-----w c:\program files\Java
2008-11-27 14:15 --------- d-----w c:\users\maud\AppData\Roaming\OpenOffice.org2
2008-11-27 14:01 --------- d-----w c:\users\maud\AppData\Roaming\BitTorrent
2008-11-26 23:01 --------- d-----w c:\program files\OrangeHSS
2008-11-26 22:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-26 22:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 22:44 --------- d-----w c:\program files\SAGEM
2008-11-26 20:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-26 18:01 --------- d-----w c:\users\maud\AppData\Roaming\vghd
2008-11-25 18:41 --------- d-----w c:\program files\Avira
2008-11-25 18:41 --------- d-----w c:\progra~2\Avira
2008-11-25 16:26 109,249 ----a-w c:\program files\MSWINSCK.OCX
2008-11-25 16:12 152,904 ----a-w c:\windows\System32\vghd.scr
2008-11-20 15:57 4,942 ----a-w c:\users\maud\AppData\Roaming\wklnhst.dat
2008-11-20 11:31 297,327 ----a-w c:\windows\System32\SpywareRemover.exe
2008-11-18 18:31 --------- d-----w c:\users\maud\AppData\Roaming\Autodesk
2008-11-18 18:31 --------- d-----w c:\progra~2\Autodesk
2008-11-12 18:08 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-11-12 18:08 --------- d-----w c:\program files\AutoCAD 2008
2008-11-12 18:03 --------- d-----w c:\program files\Autodesk
2008-11-12 17:54 --------- d-----w c:\program files\Autodesk Network License Manager
2008-11-04 18:38 --------- d-----w c:\program files\Windows Media Components
2008-11-03 21:09 --------- d-----w c:\users\maud\AppData\Roaming\InterTrust
2008-11-03 21:09 --------- d-----w c:\program files\Common Files\Adobe
2008-11-03 21:01 --------- d-----w c:\program files\ArcSoft
2008-11-03 20:49 0 ---ha-w c:\windows\system32\drivers\Msft_User_UsbDr_01_00_00.Wdf
2008-10-27 16:11 --------- d-----w c:\users\maud\AppData\Roaming\DNA
2008-10-23 10:30 --------- d-----w c:\users\maud\AppData\Roaming\MegauploadToolbar
2008-10-23 10:30 --------- d-----w c:\users\maud\AppData\Roaming\Megaupload
2008-10-23 10:30 --------- d-----w c:\program files\MegauploadToolbar
2008-10-23 10:30 --------- d-----w c:\progra~2\Megaupload
2008-10-23 10:30 --------- d-----w c:\progra~2\EmailNotifier
2008-10-23 10:29 --------- d-----w c:\program files\Megaupload
2008-10-22 21:12 --------- d-----w c:\program files\Counter-Strike Source
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 15:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 17:44 --------- d-----w c:\program files\Windows Mail
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-14 15:39 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-11 18:15 --------- d-----w c:\program files\iTunes
2008-10-11 18:15 --------- d-----w c:\program files\iPod
2008-10-11 18:15 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-11 18:14 --------- d-----w c:\program files\Bonjour
2008-10-10 22:08 --------- d-----w c:\program files\Common Files\Totem Shared
2008-10-10 21:01 47,360 ----a-w c:\users\maud\AppData\Roaming\pcouffin.sys
2008-10-10 21:01 --------- d-----w c:\users\maud\AppData\Roaming\Vso
2008-10-09 21:11 --------- d-----w c:\program files\Common Files\Droppix
2008-10-09 21:10 --------- d-----w c:\program files\Droppix
2008-10-09 21:10 --------- d-----w c:\progra~2\Droppix
2008-10-09 20:18 --------- d-----w c:\program files\BitTorrent
2008-10-09 20:16 --------- d-----w c:\program files\LuckyTender
2008-10-09 19:53 --------- d-----w c:\users\maud\AppData\Roaming\dvdcss
2008-10-09 19:53 --------- d-----w c:\users\maud\AppData\Roaming\CyberLink
2008-10-09 19:53 --------- d-----w c:\progra~2\CyberLink
2008-10-09 19:33 --------- d-----w c:\program files\Common Files\Ahead
2008-10-09 19:24 --------- d-----w c:\program files\Common Files\Nero
2008-10-09 19:24 --------- d-----w c:\progra~2\Nero
2008-10-09 19:06 --------- d-----w c:\program files\Nero
2008-10-09 18:44 --------- d-----w c:\users\maud\AppData\Roaming\Droppix
2008-10-09 18:44 --------- d-----w c:\program files\Common Files\Codejock Software
2008-10-09 17:35 --------- d-----w c:\program files\Micro Application
2008-10-09 11:49 --------- d-----w c:\progra~2\LightScribe
2008-10-08 20:19 --------- d-----w c:\users\maud\AppData\Roaming\Nero
2008-10-08 19:36 --------- d---a-w c:\program files\Common Files\LightScribe
2008-10-08 18:51 --------- d-----w c:\progra~2\vsosdk
2008-10-08 18:18 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-08 18:01 --------- d-----w c:\program files\HT MPEG Encoder 7.0 Trial
2008-10-06 20:21 --------- d-----w c:\program files\LimeWire
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 20:56 --------- d-----w c:\program files\Electronic Arts
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-28 19:23 --------- d-----w c:\progra~2\eMule
2008-09-28 19:18 --------- d-----w c:\program files\DNA
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-09-05 05:14 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2008-07-02 20:15 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-26_23.24.56.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-26 22:21:40 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-11-29 02:11:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-11-29 02:11:20 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-26 22:21:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-29 02:11:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-29 02:11:20 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-26 21:34:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-28 18:41:28 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-26 21:34:52 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-28 18:41:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-26 21:34:52 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-28 18:41:28 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-28 20:46:22 28,224 ----a-w c:\windows\System32\drivers\PCAMp50.sys
+ 2006-11-28 20:46:20 27,072 ----a-w c:\windows\System32\drivers\PCASp50.sys
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\System32\java.exe
+ 2008-11-27 16:44:44 144,792 ----a-w c:\windows\System32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\System32\javaw.exe
+ 2008-11-27 16:44:44 144,792 ----a-w c:\windows\System32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\System32\javaws.exe
+ 2008-11-27 16:44:44 148,888 ----a-w c:\windows\System32\javaws.exe
- 2008-11-26 21:54:37 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-28 23:11:57 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-26 21:54:37 122,778 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-11-28 23:11:57 122,778 ----a-w c:\windows\System32\perfc00C.dat
- 2008-11-26 21:54:37 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-28 23:11:57 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-26 21:54:37 658,982 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-11-28 23:11:57 658,982 ----a-w c:\windows\System32\perfh00C.dat
- 2008-11-26 21:50:07 9,290 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3924789491-1858010640-2389584126-1000_UserData.bin
+ 2008-11-28 21:22:23 9,822 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3924789491-1858010640-2389584126-1000_UserData.bin
- 2008-11-26 21:50:06 70,884 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-28 21:22:22 71,524 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-26 21:50:03 45,414 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-28 21:22:20 46,412 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 --a------ c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-20 297327]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-27 136600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-06-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.SP54"= SP5X_32.DLL

[HKLM\~\startupfolder\C:^Users^maud^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\maud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-09-11 15:51 4608 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-09-28 21:04 289088 c:\users\maud\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
--a------ 2007-03-01 07:01 180736 c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-04 19:00 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-10-03 18:02 1783136 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 19:10 21898024 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 08:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2A13FD50-7C0E-45D0-BE41-9AA064C25C31}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1C960DB5-C071-4C67-94F3-73E5F8188271}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{843D7A5A-5F16-40A4-9689-9177FC672F9D}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{9F4AD292-52BB-42E0-B6AA-6F205D7F9951}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{C5EF3E05-313B-4B9C-860E-3B0D51E7E2D6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{178DA06D-4B2F-4931-8403-7B477E9A3694}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F319C5A2-F703-476B-83D5-C3B1DC9541A2}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{AA4F021C-DFE3-4540-95E6-E3A5C66E9574}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{7266D896-699B-4D41-805A-7A90184AFF2C}c:\\users\\maud\\videos\\emule\\emule.exe"= UDP:c:\users\maud\videos\emule\emule.exe:emule.exe
"UDP Query User{C8308E38-6714-47D4-AD0C-6CC07C54DF34}c:\\users\\maud\\videos\\emule\\emule.exe"= TCP:c:\users\maud\videos\emule\emule.exe:emule.exe
"{72AFBBA3-FCD4-4C93-BD6E-963CB3541B32}"= UDP:34823:Emule
"{F79F2CF8-CA46-4105-B7A1-4592FE3DE24D}"= TCP:41812:Emule
"{43B9118F-CA78-4CBE-9411-414FE272A1E5}"= UDP:c:\windows\Temp\~os6152.tmp\ossproxy.exe:ossproxy.exe
"{A822532A-0AC0-4239-B1BD-3299FAB995C3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FCC6BC8A-1557-45A7-8DF8-0346F6A913A6}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{60ACB9B1-D2FA-4BCA-935C-C6296B03B6A3}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{1A95C0D2-309A-4478-A821-DF4AC7675F87}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5906BBB-D3EC-4E8D-B40B-9DB31D6EFD67}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{09B24350-E89B-4F84-812C-64E2BB1BB339}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{60D68592-CAFD-4665-9260-6CDA57AB10A6}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{878A604A-4232-4A48-8B16-45C223406FCA}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{6A5909B6-C4EB-4B1E-8957-3600A00A89F4}c:\\kav\\kav8.0\\french\\setup.exe"= UDP:c:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{54FC41B9-9355-4D82-8608-AF6E00AB3FC7}c:\\kav\\kav8.0\\french\\setup.exe"= TCP:c:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"{5BABE5D7-9426-4EC5-B5F8-F20869C7F7F2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{2DA1DCF7-D533-489C-96E0-25C5CA5D60BE}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{408AEB7E-890C-479E-BBD5-9E3D5BA593CD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{F93A0F73-80AC-4E0B-8BFC-DD5EB86C2361}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"TCP Query User{AA4F6B08-E405-424B-A2CC-2DB24D56E0DF}c:\\users\\maud\\program files\\dna\\btdna.exe"= UDP:c:\users\maud\program files\dna\btdna.exe:btdna.exe
"UDP Query User{F16F1BB3-0A83-417C-896D-9BF662220B01}c:\\users\\maud\\program files\\dna\\btdna.exe"= TCP:c:\users\maud\program files\dna\btdna.exe:btdna.exe
"TCP Query User{7114C21B-1AFE-40D2-9841-78EC86E83B6B}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"UDP Query User{259F00DC-528A-43CE-AE88-9989CEA94FB8}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"TCP Query User{322264AD-AF96-4933-8E6C-6561AD45EC7B}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:nfsc
"UDP Query User{0882CA1C-9CC1-4C42-99DB-E4C6F4C30DD8}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:nfsc
"{E637264D-B711-4B38-8E01-7284B6936BF6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EE1F0106-1726-4206-A7C9-7D5C4F82C0F3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EC54280A-2FDB-4C52-9CC5-E51E8357C9FF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89F59DE9-0537-4298-A503-77E1E38A226D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{56E4123E-26BE-4953-A3EF-E6EC0C2E2680}c:\\users\\maud\\appdata\\local\\temp\\rar$ex00.645\\chantal v1.0.exe"= UDP:c:\users\maud\appdata\local\temp\rar$ex00.645\chantal v1.0.exe:chantal v1.0.exe
"UDP Query User{D548C160-D973-4B25-81B1-CCFDEE41234C}c:\\users\\maud\\appdata\\local\\temp\\rar$ex00.645\\chantal v1.0.exe"= TCP:c:\users\maud\appdata\local\temp\rar$ex00.645\chantal v1.0.exe:chantal v1.0.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

S2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-06-18 33792]
S3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-11-26 3151872]
S3 Droppix Service;Droppix Service;"c:\program files\Common Files\Droppix\DxService.exe" [2008-10-09 147456]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-04 29744]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-11-26 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2008-11-26 27072]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2008-11-03 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06afdb03-49d6-11dd-a98d-806e6f6e6963}]
\shell\AutoRun\command - E:\installation_livebox.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e195451-3c3f-11dd-afe9-001e8c4dba9c}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e542febc-62cf-11dd-9820-001e8c4dba9c}]
\shell\AutoRun\command - N:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e542fef1-62cf-11dd-9820-001e8c4dba9c}]
\shell\AutoRun\command - O:\Autorun.exe

*Newly Created Service* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SystrayORAHSS - c:\program files\OrangeHSS\Systray\SystrayApp.exe
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-au - c:\program files\Dealio\DealioAU.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\maud\AppData\Roaming\Mozilla\Firefox\Profiles\jrr3b55e.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\users\maud\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 03:18:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-29 3:19:38
ComboFix-quarantined-files.txt 2008-11-29 02:19:36

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 260,932,034,560 octets libres

322 --- E O F --- 2008-11-28 15:46:34