rapport combofix:
ComboFix 09-07-14.08 - FABRICE WININGER 19/07/2009 12:46.1.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1500 [GMT 2:00]
Running from: c:\documents and settings\FABRICE WININGER\Bureau\fabwin.exe
AV: AVG Internet Security On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall enabled {8decf618-9569-4340-b34a-d78d28969b66}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\emMON.exe
c:\windows\Installer\166bc6.msp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.
2009-07-19 06:40 . 2009-07-19 06:40 -------- d-----w- c:\windows\BDOSCAN8
2009-07-18 16:45 . 2009-07-18 16:45 -------- d-----w- C:\ToolBar SD
2009-07-18 15:51 . 2009-07-18 15:51 -------- d-----w- c:\program files\trend micro
2009-07-18 15:51 . 2009-07-18 15:51 -------- d-----w- C:\rsit
2009-07-18 15:10 . 2009-07-18 15:10 -------- d-----w- c:\program files\RogueRemover FREE
2009-07-18 15:06 . 2009-07-18 15:06 -------- d-----w- c:\documents and settings\FABRICE WININGER\Application Data\Malwarebytes
2009-07-18 15:06 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 15:06 . 2009-07-18 15:06 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-07-18 15:06 . 2009-07-18 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 15:06 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 10:36 . 2009-07-18 10:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-18 10:36 . 2009-07-18 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-18 09:28 . 2009-07-18 09:28 16896 ----a-w- c:\windows\system32\mspgw.exe
2009-07-18 06:45 . 2009-07-18 06:45 -------- d-----w- c:\documents and settings\FABRICE WININGER\Local Settings\Application Data\Temp
2009-07-13 14:23 . 2009-07-13 14:23 -------- d-----w- c:\program files\FirefoxPortable
2009-07-11 19:43 . 2009-07-11 19:43 -------- d-----w- c:\documents and settings\FABRICE WININGER\Application Data\vlc
2009-07-07 09:56 . 2008-09-15 12:26 104960 ----a-r- c:\windows\system32\drivers\zteusbvoice.sys
2009-07-07 09:56 . 2008-09-15 12:26 110080 ----a-r- c:\windows\system32\drivers\ZTEusbnet.sys
2009-07-07 09:56 . 2008-09-15 12:26 104960 ----a-r- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-07-07 09:56 . 2008-09-15 12:26 104960 ----a-r- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-07-07 09:56 . 2008-09-15 12:26 104960 ----a-r- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\FABRICE WININGER\Application Data\Vodafone
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
2009-07-07 09:55 . 2008-09-15 12:26 7680 ----a-r- c:\windows\system32\drivers\massfilter.sys
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\program files\Vodafone
2009-07-07 09:55 . 2009-07-07 09:55 -------- d-----w- c:\documents and settings\FABRICE WININGER\Local Settings\Application Data\{BAD7C248-517D-4CE1-B65A-829C01BEFDB1}
2009-06-22 17:42 . 2009-06-22 17:42 -------- d-----w- c:\documents and settings\FABRICE WININGER\Local Settings\Application Data\Zattoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 17:34 . 2006-08-24 11:45 95594 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-18 17:34 . 2006-08-24 11:45 537790 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-04 16:30 . 2009-02-27 15:26 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-18 17:38 . 2009-06-18 17:38 -------- d-----w- c:\program files\Makayama Interactive
2009-06-16 15:22 . 2009-02-27 15:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:40 . 2004-08-05 03:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 03:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 18:40 . 2009-03-09 18:36 625488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-09 16:23 . 2009-06-09 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-09 16:23 . 2009-06-09 16:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-04 17:38 . 2009-06-04 17:38 -------- d-----w- c:\program files\iPod
2009-06-04 17:38 . 2009-06-04 17:38 -------- d-----w- c:\program files\iTunes
2009-06-04 17:37 . 2009-06-04 17:37 -------- d-----w- c:\program files\QuickTime
2009-06-04 17:31 . 2009-06-04 17:31 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 19:10 . 2004-08-05 03:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 19:12 . 2009-06-02 19:12 -------- d-----w- c:\documents and settings\FABRICE WININGER\Application Data\U3
2009-06-02 11:38 . 2009-06-10 06:25 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-21 13:59 . 2009-05-21 13:59 1017344 ----a-w- c:\windows\system32\libeay32.dll
2009-05-21 13:59 . 2009-05-21 13:59 200704 ----a-w- c:\windows\system32\ssleay32.dll
2009-05-13 05:04 . 2006-01-09 18:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 13:12 . 2004-11-18 08:42 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-09 16:29 . 2009-02-24 06:18 107192 ----a-w- c:\documents and settings\FABRICE WININGER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 15:33 . 2004-08-05 03:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-28 16:08 . 2009-04-28 16:08 116048 ----a-w- c:\documents and settings\All Users\Application Data\Skyline\TEDetect.dll
2009-04-27 15:52 . 2009-02-27 15:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-27 15:51 . 2009-02-27 15:27 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-27 15:51 . 2009-02-27 15:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-04-27 15:51 . 2009-02-27 15:25 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-04-27 15:51 . 2009-02-27 15:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-22 17:13 . 2009-06-18 20:34 98304 ----a-w- c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-04-22 17:13 . 2009-06-18 20:34 77824 ----a-w- c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-07-18 06:49 . 2009-02-24 15:44 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{A3BC75A2-1F87-4686-AA43-5347D756017C}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 14:08 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“H/PC Connection Agent”=“c:\program files\Microsoft ActiveSync\wcescomm.exe” [2006-11-13 1289000]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“preload”=“c:\windows\RUNXMLPL.exe” [2005-05-19 32768]
“AzMixerSel”=“c:\program files\Realtek\InstallShield\AzMixerSel.exe” [2005-06-11 53248]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2006-05-25 786521]
“IMJPMIG8.1”=“c:\windows\IME\imjp8_1\IMJPMIG.EXE” [2004-08-05 208952]
“LManager”=“c:\progra~1\LAUNCH~1\LManager.exe” [2006-08-08 634880]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2009-01-30 86016]
“AVG8_TRAY”=“c:\progra~1\AVG\AVG8\avgtray.exe” [2009-06-09 1948440]
“ePower_DMC”=“c:\acer\Empowering Technology\ePower\ePower_DMC.exe” [2006-07-18 438272]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2009-01-30 13594624]
“MobileConnect”=“c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe” [2008-09-22 2073088]
“Manage Program Gateway”=“c:\windows\system32\mspgw.exe” [2009-07-18 16896]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2009-05-26 413696]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” - c:\windows\KHALMNPR.Exe [2007-11-29 55824]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 789008]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll” [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 10:30 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-27 15:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
“Debugger”=0
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
“Debugger”=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^officejet 6100.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Streaming Server.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Streaming Server.lnk
backup=c:\windows\pss\Pinnacle Streaming Server.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Acer\Acer Arcade\PCMService.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\Windows Live\Messenger\wlcsdk.exe”=
“c:\Program Files\Windows Live\Messenger\msnmsgr.exe”=
“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“c:\Program Files\AVG\AVG8\avgam.exe”=
“c:\Program Files\AVG\AVG8\avgupd.exe”=
“c:\Program Files\AVG\AVG8\avgnsx.exe”=
“c:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe”=
“c:\Program Files\Steam\steamapps\fabwin1973\race07 demo\SteamProxy.exe”=
“c:\Program Files\Steam\steamapps\fabwin1973\race07 demo\RaceConfig_Steam.exe”=
“c:\program files\Microsoft ActiveSync\rapimgr.exe”= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
“c:\program files\Microsoft ActiveSync\wcescomm.exe”= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
“c:\program files\Microsoft ActiveSync\WCESMgr.exe”= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
“c:\Program Files\Steam\steamapps\COMMON\smashingtoys_demo\SmashingToys.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27/02/2009 17:27 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27/02/2009 17:26 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27/02/2009 17:27 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/02/2009 17:26 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [27/04/2009 17:51 1368952]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [05/08/2004 05:00 14336]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [22/09/2008 13:40 14336]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [27/02/2009 17:25 29208]
S2 gupdate1c9a6ebd8afaf4c;Service Google Update (gupdate1c9a6ebd8afaf4c);c:\program files\Google\Update\GoogleUpdate.exe [17/03/2009 11:33 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [27/02/2009 17:25 29208]
S3 AVHybrid;AVHybrid service;c:\windows\system32\drivers\AVHybrid.sys [04/04/2009 20:34 1024576]
S3 epindd;epindd;c:\windows\system32\drivers\EPINDD.SYS [24/02/2009 07:11 8448]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07/07/2009 11:55 7680]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [24/02/2009 19:23 13440]
S3 VAGUSB;VAGUSB.SYS USB Driver;c:\windows\system32\drivers\VAGUSB.sys [15/12/2005 15:27 34639]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [07/07/2009 11:56 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [07/07/2009 11:56 104960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contents of the ‘Scheduled Tasks’ folder
2009-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 05:48]
2009-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-06-14 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF236112486.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-26 23:46]
2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 09:33]
2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 09:33]
2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{0575D345-112F-4C43-AB4D-04B92B393531}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
-
HKCU-Run-PMCRemote - (no file)
.
------- Supplementary Scan -------
.
uStart Page = mail.eu.sodexonet.com…
uDefault_Search_URL = www.google.com…
uSearchURL,(Default) = www.google.com…
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - www.bitdefender.fr…
FF - ProfilePath - c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - news.google.fr…
FF - component: c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\FABRICE WININGER\Application Data\Mozilla\Firefox\Profiles\fbiayap8.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.enforce_same_site_origin”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.cache_size”, 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.ogg.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.wave.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.autoplay.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.urlbar.autocomplete.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“capability.policy.mailnews.*.wholeText”, “noAccess”);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“dom.storage.default_quota”, 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“content.sink.event_probe_rate”, 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.http.prompt-temp-redirect”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“layout.css.dpi”, -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“layout.css.devPixelsPerPx”, -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“gestures.enable_single_finger_input”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“dom.max_chrome_script_run_time”, 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.tcp.sendbuffer”, 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“geo.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.remember_cert_checkbox_default_setting”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr”, “moz35”);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-cjkt”, “moz35”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.blocklist.level”, 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.urlbar.restrict.typed”, “~”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.urlbar.default.behavior”, 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.history”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.formdata”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.passwords”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.downloads”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.cookies”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.cache”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.sessions”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.offlineApps”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.siteSettings”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.history”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.formdata”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.passwords”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.downloads”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.cookies”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.cache”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.sessions”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.offlineApps”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.siteSettings”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.sanitize.migrateFx3Prefs”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.ssl_override_behavior”, 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“security.alternate_certificate_error_page”, “certerror”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.privatebrowsing.autostart”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.privatebrowsing.dont_prompt_on_enter”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“geo.wifi.uri”, “https://www.google.com/loc/json”);
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-07-19 12:54
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“cd042efbbd7f7af1647644e76e06692b”=hex:c8,28,51,af,b0,29,a3,98,ef,c3,0c,a1,fc,
a9,45,1e,c8,28,51,af,b0,29,a3,98,c3,59,af,6b,eb,14,7d,08,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“bca643cdc5c2726b20d2ecedcc62c59b”=hex:6a,9c,d6,61,af,45,84,18,0d,30,f5,a6,9e,
c5,fe,82,71,3b,04,66,8b,46,0d,96,f8,fd,a1,41,f8,b0,57,4c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“2c81e34222e8052573023a60d06dd016”=hex:25,da,ec,7e,55,20,c9,26,39,1e,a4,2a,94,
87,29,ac,25,da,ec,7e,55,20,c9,26,c3,57,fc,71,7b,ea,9a,31,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“2582ae41fb52324423be06337561aa48”=hex:86,8c,21,01,be,91,eb,e7,58,fd,f4,5d,bf,
96,2c,e7,3e,1e,9e,e0,57,5a,93,61,0a,69,20,ea,17,30,b2,70,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“caaeda5fd7a9ed7697d9686d4b818472”=hex:cd,44,cd,b9,a6,33,6c,cd,be,85,a5,5f,b7,
69,f2,cf,cd,44,cd,b9,a6,33,6c,cd,35,64,27,82,fd,66,b9,20,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“a4a1bcf2cc2b8bc3716b74b2b4522f5d”=hex:b0,18,ed,a7,3f,8d,37,a4,88,45,6d,6a,c0,
6d,43,99,b0,18,ed,a7,3f,8d,37,a4,bb,06,da,9a,4a,19,64,3a,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“4d370831d2c43cd13623e232fed27b7b”=hex:fb,a7,78,e6,12,2f,9a,ea,6e,6d,57,b6,08,
c5,29,6a,31,77,e1,ba,b1,f8,68,02,3b,e1,2a,cf,22,2e,94,4a,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“1d68fe701cdea33e477eb204b76f993d”=hex:01,3a,48,fc,e8,04,4a,f1,a4,52,54,2b,fc,
46,29,64,83,6c,56,8b,a0,85,96,ab,06,91,0d,90,ff,95,9e,98,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“1fac81b91d8e3c5aa4b0a51804d844a3”=hex:51,fa,6e,91,28,9e,14,cc,60,c5,89,0c,51,
b9,80,3a,51,fa,6e,91,28,9e,14,cc,7a,10,6d,f1,bf,2d,75,64,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“f5f62a6129303efb32fbe080bb27835b”=hex:3d,ce,ea,26,2d,45,aa,78,d2,a0,3b,4f,9b,
21,f5,6b,b1,cd,45,5a,a8,c4,f8,b9,fb,51,2a,2c,2d,d7,43,ab,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“fd4e2e1a3940b94dceb5a6a021f2e3c6”=hex:f8,31,0f,a9,5f,a0,ec,fb,38,13,84,7d,5c,
96,72,96,e3,0e,66,d5,eb,bc,2f,6b,3c,52,60,12,e4,e7,7e,93,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
“ThreadingModel”=“Apartment”
@=“c:\WINDOWS\system32\OLE32.DLL”
“8a8aec57dd6508a385616fbc86791ec2”=hex:05,73,21,dd,54,d8,4a,c5,be,93,e3,76,f6,
65,4c,9b,fa,ea,66,7f,d4,3b,6b,70,8f,b1,69,07,cb,03,70,bb,6c,43,2d,1e,aa,22,
.
--------------------- DLLs Loaded Under Running Processes ---------------------
-
-
-
-
-
-
-
‘winlogon.exe’(1520)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
-
-
-
-
-
-
-
‘explorer.exe’(3952)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\AVG\AVG8\AVGWDSVC.EXE
c:\program files\AVG\AVG8\AVGFWS8.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\GOOGLE\UPDATE\1.2.183.7\GOOGLECRASHHANDLER.EXE
c:\windows\SYSTEM32\SEARCHINDEXER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
.
Completion time: 2009-07-19 12:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 10:59
Pre-Run: 3 370 582 016 octets libres
Post-Run: 3 243 573 248 octets libres
413 — E O F — 2009-07-15 17:08
j'ai toujours ces fenêtres intempestives!!! :@:@:@