C:\WINDOWS\system32\vbsdfe0.dll
Résolu
thony
-
chimay8 Messages postés 7947 Statut Contributeur sécurité -
chimay8 Messages postés 7947 Statut Contributeur sécurité -
Bonjour,
Je pense avoir été infecté, suite à l'utilisation d'une clé USB, par un virus, après 4-5 mn connecté sur internet, avast m'ouvre une fenêtre avec
C:\WINDOWS\system32\vbsdfe0.dll rookit.
j'ai eu en même temps un virus "kavos", plus d'ouverture des disques durs, plus d 'expolration des disques, probleme d'affichage des dossier cachés....cette partie est je pense résolu reste celui-ci, que je supprime à chaque detection mais qui revient à chaque ouverture d'une page internet.
un peu d'aide serait le bienvenue..
merci d'avance.
Je pense avoir été infecté, suite à l'utilisation d'une clé USB, par un virus, après 4-5 mn connecté sur internet, avast m'ouvre une fenêtre avec
C:\WINDOWS\system32\vbsdfe0.dll rookit.
j'ai eu en même temps un virus "kavos", plus d'ouverture des disques durs, plus d 'expolration des disques, probleme d'affichage des dossier cachés....cette partie est je pense résolu reste celui-ci, que je supprime à chaque detection mais qui revient à chaque ouverture d'une page internet.
un peu d'aide serait le bienvenue..
merci d'avance.
49 réponses
je ne trouve pas cet onglet
- Au moment de choisir la cible à analyser, clique sur le bouton Paramètres d'analyse
- Dans la nouvelle fenêtre, coche "étendu" au milieu puis clique sur OK.
- Au moment de choisir la cible à analyser, clique sur le bouton Paramètres d'analyse
- Dans la nouvelle fenêtre, coche "étendu" au milieu puis clique sur OK.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, December 23, 2008 4:54:04 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 23/12/2008
Enregistrements dans la base antivirus Kaspersky : 1504099
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Statistiques de l'analyse:
Total d'objets analysés: 135043
Nombre de virus trouvés: 2
Nombre d'objets infectés: 8 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:49:01
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré
C:\Program Files\Save\ACM.dll Infecté : not-a-virus:WebToolbar.Win32.WhenU.g ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{A8C3ED07-7F85-4A2E-AED2-33DF3F4765B1}\RP1398\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\atapi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\mmf.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\GoogleToolbarInstaller2.log L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_198.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_724.dat L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{A8C3ED07-7F85-4A2E-AED2-33DF3F4765B1}\RP1398\change.log L'objet est verrouillé ignoré
F:\System Volume Information\_restore{A8C3ED07-7F85-4A2E-AED2-33DF3F4765B1}\RP1398\change.log L'objet est verrouillé ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab/server.exe Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe Rsrc-Package: infecté - 2 ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab/server.exe Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar RAR: infecté - 3 ignoré
Analyse terminée.
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, December 23, 2008 4:54:04 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 23/12/2008
Enregistrements dans la base antivirus Kaspersky : 1504099
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Statistiques de l'analyse:
Total d'objets analysés: 135043
Nombre de virus trouvés: 2
Nombre d'objets infectés: 8 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:49:01
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anthony\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré
C:\Program Files\Save\ACM.dll Infecté : not-a-virus:WebToolbar.Win32.WhenU.g ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{A8C3ED07-7F85-4A2E-AED2-33DF3F4765B1}\RP1398\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\atapi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\mmf.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\GoogleToolbarInstaller2.log L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_198.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_724.dat L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{A8C3ED07-7F85-4A2E-AED2-33DF3F4765B1}\RP1398\change.log L'objet est verrouillé ignoré
F:\System Volume Information\_restore{A8C3ED07-7F85-4A2E-AED2-33DF3F4765B1}\RP1398\change.log L'objet est verrouillé ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab/server.exe Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe Rsrc-Package: infecté - 2 ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab/server.exe Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe Infecté : Backdoor.Win32.Optix.Pro.i ignoré
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar RAR: infecté - 3 ignoré
Analyse terminée.
et bien entendu,avast n'a rien vu!!!
Copie les lignes en gras qui se trouvent en dessous :
:Processes
explorer.exe
:Files
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab/server.exe
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe Rsrc-Package
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab/server.exe
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar
:Commands
[emptytemp]
[start explorer]
[Reboot]
et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
Clique sur "MoveIt!" pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
-Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )
/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître, dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi sur l'onglet "Processus". Clique en haut à gauche sur "Fichiers" et choisis "Exécuter"
Tape "explorer.exe"(sans les guillemèts) et valide. Cela fera réapparaître le Bureau.
ensuite
Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton Bureau.
https://www.malwarebytes.com/
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharges le ici : https://www.malekal.com/tutorial-aboutbuster/ )
A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.
Double-clique sur l'icône "Download_mbam-setup.exe" sur ton bureau pour démarrer le programme d'installation.
Pendant l'installation, suis les indications n'apporte aucune modification aux réglages par défaut et en fin d'installation, vérifie que les options "Update Malwarebytes' Anti-Malware" et "Launch Malwarebytes' Anti-Malware" soit cochées.
MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue.
La fenêtre principale de MBAM s'affiche :
Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.
MBAM analyse ton ordinateur.
L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.
A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.
Si des malwares sont détectés, leur liste s'affiche.
***EN CLIQUANT SUR SUPPRESSION(?)FAIT LE*** , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)
Ferme MBAM en cliquant sur Quitter.
Poste le rapport dans ta réponse
Copie les lignes en gras qui se trouvent en dessous :
:Processes
explorer.exe
:Files
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab/server.exe
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe Rsrc-Package
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab/server.exe
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe
F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar
:Commands
[emptytemp]
[start explorer]
[Reboot]
et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
Clique sur "MoveIt!" pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
-Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )
/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître, dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi sur l'onglet "Processus". Clique en haut à gauche sur "Fichiers" et choisis "Exécuter"
Tape "explorer.exe"(sans les guillemèts) et valide. Cela fera réapparaître le Bureau.
ensuite
Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton Bureau.
https://www.malwarebytes.com/
(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharges le ici : https://www.malekal.com/tutorial-aboutbuster/ )
A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.
Double-clique sur l'icône "Download_mbam-setup.exe" sur ton bureau pour démarrer le programme d'installation.
Pendant l'installation, suis les indications n'apporte aucune modification aux réglages par défaut et en fin d'installation, vérifie que les options "Update Malwarebytes' Anti-Malware" et "Launch Malwarebytes' Anti-Malware" soit cochées.
MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue.
La fenêtre principale de MBAM s'affiche :
Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.
MBAM analyse ton ordinateur.
L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.
A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.
Si des malwares sont détectés, leur liste s'affiche.
***EN CLIQUANT SUR SUPPRESSION(?)FAIT LE*** , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)
Ferme MBAM en cliquant sur Quitter.
Poste le rapport dans ta réponse
Bonsoir,
J'ai le même soucis qu'anthony, virus vbsdfe0.dll, avast me le supprime mais dès que je reboot il réapparait. Que dois je faire. Je ne suis pas un génie de l'informatique, je voulais jsute savoir si il y avait une méthode TRES simple du genre isntaller un logiciel, le faire tourner en mode sans échec et hop c'est finit!
Bonne fête de noel quand même
et merci pour votre aide
J'ai le même soucis qu'anthony, virus vbsdfe0.dll, avast me le supprime mais dès que je reboot il réapparait. Que dois je faire. Je ne suis pas un génie de l'informatique, je voulais jsute savoir si il y avait une méthode TRES simple du genre isntaller un logiciel, le faire tourner en mode sans échec et hop c'est finit!
Bonne fête de noel quand même
et merci pour votre aide
Salut
Il serait préférable que tu crées ton propre « topik » message personnel. Cela rendra le poste (ici) plus compréhensible, et nous pourrons traiter ton soucis avec plus d’efficacité.
Donc
Fais ce qui suit, SVP (poste ce titre:virus vbsdfe0.dll
Merci
http://img139.imageshack.us/img139/8973/notdistrimq9.jpg
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
À bientôt!
A++
Il serait préférable que tu crées ton propre « topik » message personnel. Cela rendra le poste (ici) plus compréhensible, et nous pourrons traiter ton soucis avec plus d’efficacité.
Donc
Fais ce qui suit, SVP (poste ce titre:virus vbsdfe0.dll
Merci
http://img139.imageshack.us/img139/8973/notdistrimq9.jpg
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
http://perso.orange.fr/rginformatique/section%20virus/demofairesontmessage.htm
À bientôt!
A++
Soucis avec la 1er partie
:Processes
explorer.exe
pour le reste :
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab/server.exe> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe Rsrc-Package> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab/server.exe> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar> in the current context!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\Google Toolbar\gtb22.tmp.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Google Toolbar\gtm23.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\GoogleToolbarInstaller2.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_198.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_724.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_192937
Files moved on Reboot...
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\Google Toolbar\gtb22.tmp.exe not found!
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Google Toolbar\gtm23.tmp not found!
C:\WINDOWS\temp\GoogleToolbarInstaller2.log moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_198.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_724.dat not found!
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\XUL.mfl moved successfully.
:Processes
explorer.exe
pour le reste :
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab/server.exe> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe/data0000.cab> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\RelicCOH.exe Rsrc-Package> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab/server.exe> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe/data0000.cab> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar/RelicCOH.exe> in the current context!
Error: Unable to interpret <F:\telechargeur\eDonkey\incoming\jeux\Company of Heroes NoCD Crack + Serial\Company of Heroes NoCD Crack + Serial.rar> in the current context!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\Google Toolbar\gtb22.tmp.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Google Toolbar\gtm23.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\GoogleToolbarInstaller2.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_198.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_724.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_192937
Files moved on Reboot...
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\Google Toolbar\gtb22.tmp.exe not found!
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Google Toolbar\gtm23.tmp not found!
C:\WINDOWS\temp\GoogleToolbarInstaller2.log moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_198.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_724.dat not found!
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\XUL.mfl moved successfully.
arf
c'est de ma faute
fais ceci stp
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
**Désactive les logiciels de protection** (Antivirus, Antispywares) puis :
deconnecte toi d'internet,ferme tout les programmes
Double-clique sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
ne touche plus à rien, même pas ta souris!!
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Copie/colle un nouveau rapport HiJackThis avec.
-----------------------------------------------------
installer la Console de Récupération sur ton pc(cela permettra de réparer ton système au cas où le pc ne redémarrerait plus suite à la désinfection.)
Clique sur le lien ci-dessous pour aller sur le site Web de Microsoft:
https://support.microsoft.com/en-us/help/310994
descend jusqu'à "Téléchargement du fichier programme des disquettes d'installation" et clique sur le téléchargement correspondant à ta version de Windows XP (Édition familiale ou Professionnel) et au Service Pack que tu as installé.
**note: pour le SP3 charge le Service Pack 2
pour Windows XP Media Center charge XP Pro Service Pack 2.
enregistre le sur ton bureau.
fais un glisser/déposer du fichier sur l'icone de combofix comme ceci
http://img.bleepingcomputer.com/combofix/usage/rc.gif
Combofix va installer la console de récupération sur ton pc
a la fin de l'installation,combofix va afficher un message qui te signale que la console est installée.
c'est de ma faute
fais ceci stp
Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
**Désactive les logiciels de protection** (Antivirus, Antispywares) puis :
deconnecte toi d'internet,ferme tout les programmes
Double-clique sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
ne touche plus à rien, même pas ta souris!!
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Copie/colle un nouveau rapport HiJackThis avec.
-----------------------------------------------------
installer la Console de Récupération sur ton pc(cela permettra de réparer ton système au cas où le pc ne redémarrerait plus suite à la désinfection.)
Clique sur le lien ci-dessous pour aller sur le site Web de Microsoft:
https://support.microsoft.com/en-us/help/310994
descend jusqu'à "Téléchargement du fichier programme des disquettes d'installation" et clique sur le téléchargement correspondant à ta version de Windows XP (Édition familiale ou Professionnel) et au Service Pack que tu as installé.
**note: pour le SP3 charge le Service Pack 2
pour Windows XP Media Center charge XP Pro Service Pack 2.
enregistre le sur ton bureau.
fais un glisser/déposer du fichier sur l'icone de combofix comme ceci
http://img.bleepingcomputer.com/combofix/usage/rc.gif
Combofix va installer la console de récupération sur ton pc
a la fin de l'installation,combofix va afficher un message qui te signale que la console est installée.
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1537
Windows 5.1.2600 Service Pack 3
23/12/2008 20:37:34
mbam-log-2008-12-23 (20-37-34).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|)
Eléments examinés: 176571
Temps écoulé: 53 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Telehargeur\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Save\ACM.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
Version de la base de données: 1537
Windows 5.1.2600 Service Pack 3
23/12/2008 20:37:34
mbam-log-2008-12-23 (20-37-34).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|)
Eléments examinés: 176571
Temps écoulé: 53 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Telehargeur\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Save\ACM.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
ComboFix 08-12-23.01 - Anthony 2008-12-23 20:43:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.603 [GMT 1:00]
Lancé depuis: c:\documents and settings\Anthony\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\rnaph.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
.
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 19:42 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 19:42 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 12:52 . 2008-12-23 12:52 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-23 12:31 . 2008-12-23 12:31 <REP> d-------- C:\_OTMoveIt
2008-12-22 22:31 . 2008-12-22 22:32 <REP> d-------- C:\rsit
2008-12-22 22:21 . 2008-12-22 22:24 <REP> d-------- c:\program files\UsbFix
2008-12-22 15:03 . 2008-12-22 22:31 <REP> d-------- c:\program files\Trend Micro
2008-12-13 15:38 . 2008-12-13 15:38 <REP> d-------- c:\documents and settings\Anthony\Application Data\Leadertech
2008-12-01 14:51 . 2008-12-01 14:51 <REP> d-------- c:\documents and settings\Anthony\Application Data\Disney Interactive Studios
2008-12-01 14:27 . 2008-12-01 14:27 <REP> d-------- c:\program files\Disney Interactive Studios
2008-12-01 14:26 . 2008-12-01 14:26 <REP> d-------- c:\windows\Logs
2008-12-01 14:26 . 2008-12-01 14:50 1,001 --a------ c:\windows\disney.ini
2008-12-01 14:23 . 2008-12-01 14:23 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-12-01 14:20 . 2008-12-01 14:20 <REP> d-------- c:\documents and settings\Anthony\Application Data\DAEMON Tools
2008-11-30 09:37 . 2008-11-30 09:37 <REP> d-------- c:\documents and settings\Anthony\Application Data\fltk.org
2008-11-29 09:13 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 18:30 --------- d-----w c:\program files\Google
2008-12-22 20:59 --------- d-----w c:\program files\Java
2008-12-22 18:57 --------- d-----w c:\documents and settings\Anthony\Application Data\Azureus
2008-12-17 22:13 --------- d-----w c:\program files\Microsoft Money
2008-12-01 13:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 13:20 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-01 13:20 --------- d-----w c:\program files\DAEMON Tools
2008-11-21 16:38 --------- d-----w c:\program files\Vuze
2008-11-20 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-26 14:55 --------- d-----w c:\program files\ESTsoft
2008-10-26 14:55 --------- d-----w c:\documents and settings\Anthony\Application Data\ESTsoft
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2000-12-20 08:12 99,008 ------w c:\program files\Win2000PPAHotfix.exe
2007-09-05 17:19 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-12-20 19:20 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-20 19:20 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-20 19:20 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Active Disk"="c:\program files\Iomega\AutoDisk\AD2KClient.exe" [2001-09-13 45056]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2001-01-17 45056]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 61440]
"WinampAgent"="c:\program files\Musique\Winamp\winampa.exe" [2004-12-20 33792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-05 1838592]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 181488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-15 108544]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Anthony^Menu Démarrer^Programmes^Démarrage^ForeverPES v1.0.lnk]
path=c:\documents and settings\Anthony\Menu Démarrer\Programmes\Démarrage\ForeverPES v1.0.lnk
backup=c:\windows\pss\ForeverPES v1.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Telehargeur\\eDonkey2000\\edonkey2000.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
"d:\\Jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Jeux\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Telehargeur\\eChanblard\\emule.exe"=
"c:\\Program Files\\Telehargeur\\eDonkey2000-0.53\\edonkey2000.exe"=
"d:\\Jeux\\battlefield 1942\\BF1942.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\zuma\\Zuma Deluxe\\Zuma.exe"=
"d:\\Jeux\\flat out 2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"f:\\jeux\\Medieval II Total War\\medieval2.exe"=
"f:\\jeux\\ghost recon\\GRAW.exe"=
"d:\\Jeux\\graw2\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"d:\\Jeux\\graw2\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"f:\\jeux\\toca3\\RD3.exe"=
"f:\\jeux\\coh\\RelicCOH.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Jeux\\PES2009\\pes2009.exe"=
"d:\\Program files\\Bohemia Interactive\\ArmA\\arma.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2005-01-19 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R1 SSHDRV76;SSHDRV76;\??\c:\windows\system32\drivers\SSHDRV76.sys [2005-09-20 53760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2008-01-31 2560]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys []
S3 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2005-03-12 4448]
S3 lredbooo;lredbooo;\??\c:\docume~1\Anthony\LOCALS~1\Temp\lredbooo.sys []
S3 PciCon;PciCon;\??\G:\PciCon.sys []
S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys [2005-12-07 48928]
S3 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2005-03-12 3328]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-MessagerStarter Wanadoo - c:\progra~1\MESSAG~1\StartMessager.exe
MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\Shell.exe
MSConfigStartUp-WOOWATCH - c:\progra~1\Wanadoo\Watch.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\\components\GoogleDesktopMozilla.dll
[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE /color
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("general.useragent.contentlocale", "chrome://navigator-region/locale/region.properties");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("accessibility.typeaheadfind.soundURL", "default");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.warnOnCloseOther", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadGroup", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadOnNewTab", 0);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.windows.loadOnNewWindow", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Location.reload.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.Components", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.document.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.commandDispatcher", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerForCommand", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.insertControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.removeControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.appendController", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.removeController", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerId", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerById", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerCount", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.resizable", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections", 24);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections-per-server", 8);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-server", 2);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-proxy", 4);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.accept.default", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.dns.ipv4OnlyDomains", ".doubleclick.net");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.standard-url.encode-utf8", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.image.warnAboutImages", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.proxy.autoconfig_url", "");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3p", "ffffaaaa");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onFocus.dontCare", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onBlur.dontCare", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ui.key.generalAccessKey", 18);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.enable_ssl2", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_ede3_192", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_64", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_fips_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_rc4_56_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_des_cbc_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc4_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc2_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_dss_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.default_personal_cert", "Select Automatically");
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_entering_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_leaving_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_submit_insecure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.OCSP.enabled", 0);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ui.enable", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("startup.homepage_override_url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.skin", "chrome://mozapps/content/extensions/extensions.xul?type=themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.chrome", "chrome://mozapps/content/extensions/extensions.xul?type=extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.skin", "Extension:Manager-themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager-extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.details", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.download", 86400);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.restart", 1800);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.url", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("keyword.URL", "https://www.google.com/doodles");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage", "resource:/browserconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.defaulturl", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.1", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.2", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.basic.min_ver", "0.0");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.link.open_newwindow", 2);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.tabs.opentabfor.urlbar", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.autoload", 1); // 0 = Always, 1 = After first use, 2 = Never
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.provider", "http://www-rl.netscape.com/wtgn?");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.disabledForDomains", "");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.goBrowsing.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_open_feature.location", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_flip", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.trim_user_and_password", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.history", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.formdata", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.passwords", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.downloads", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cookies", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cache", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.siteprefs", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.sessions", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.enableForCurrentSessionOnly", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.denyRemovedCookies", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.throbber.url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("alerts.height", 50);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_entering_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_leaving_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_submit_insecure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.display.screen_resolution", 96);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 20:45:59
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\_av_proI.tm~a02716
c:\windows\TEMP\_av_proI.tm~a02716\setup.lok 0 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\Iomega\System32\ActivityDisk.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-23 20:48:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-23 19:48:31
Avant-CF: 3 753 594 880 octets libres
Après-CF: 3,686,559,744 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
299 --- E O F --- 2008-12-18 23:19:58
Logfile of random's system information tool 1.05 (written by random/random)
Run by Anthony at 2008-12-23 20:51:03
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (12%) free of 30 GB
Total RAM: 1023 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:07, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Musique\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony\Bureau\RSIT.exe
C:\Program Files\trend micro\Anthony.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Musique\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thoni1971.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://thoni1971.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://laredoute.pixawin.com/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.603 [GMT 1:00]
Lancé depuis: c:\documents and settings\Anthony\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\rnaph.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
.
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 19:42 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 19:42 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 12:52 . 2008-12-23 12:52 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-23 12:31 . 2008-12-23 12:31 <REP> d-------- C:\_OTMoveIt
2008-12-22 22:31 . 2008-12-22 22:32 <REP> d-------- C:\rsit
2008-12-22 22:21 . 2008-12-22 22:24 <REP> d-------- c:\program files\UsbFix
2008-12-22 15:03 . 2008-12-22 22:31 <REP> d-------- c:\program files\Trend Micro
2008-12-13 15:38 . 2008-12-13 15:38 <REP> d-------- c:\documents and settings\Anthony\Application Data\Leadertech
2008-12-01 14:51 . 2008-12-01 14:51 <REP> d-------- c:\documents and settings\Anthony\Application Data\Disney Interactive Studios
2008-12-01 14:27 . 2008-12-01 14:27 <REP> d-------- c:\program files\Disney Interactive Studios
2008-12-01 14:26 . 2008-12-01 14:26 <REP> d-------- c:\windows\Logs
2008-12-01 14:26 . 2008-12-01 14:50 1,001 --a------ c:\windows\disney.ini
2008-12-01 14:23 . 2008-12-01 14:23 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-12-01 14:20 . 2008-12-01 14:20 <REP> d-------- c:\documents and settings\Anthony\Application Data\DAEMON Tools
2008-11-30 09:37 . 2008-11-30 09:37 <REP> d-------- c:\documents and settings\Anthony\Application Data\fltk.org
2008-11-29 09:13 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 18:30 --------- d-----w c:\program files\Google
2008-12-22 20:59 --------- d-----w c:\program files\Java
2008-12-22 18:57 --------- d-----w c:\documents and settings\Anthony\Application Data\Azureus
2008-12-17 22:13 --------- d-----w c:\program files\Microsoft Money
2008-12-01 13:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 13:20 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-01 13:20 --------- d-----w c:\program files\DAEMON Tools
2008-11-21 16:38 --------- d-----w c:\program files\Vuze
2008-11-20 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-26 14:55 --------- d-----w c:\program files\ESTsoft
2008-10-26 14:55 --------- d-----w c:\documents and settings\Anthony\Application Data\ESTsoft
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2000-12-20 08:12 99,008 ------w c:\program files\Win2000PPAHotfix.exe
2007-09-05 17:19 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-12-20 19:20 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-20 19:20 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-20 19:20 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Active Disk"="c:\program files\Iomega\AutoDisk\AD2KClient.exe" [2001-09-13 45056]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2001-01-17 45056]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 61440]
"WinampAgent"="c:\program files\Musique\Winamp\winampa.exe" [2004-12-20 33792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-05 1838592]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 181488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-15 108544]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Anthony^Menu Démarrer^Programmes^Démarrage^ForeverPES v1.0.lnk]
path=c:\documents and settings\Anthony\Menu Démarrer\Programmes\Démarrage\ForeverPES v1.0.lnk
backup=c:\windows\pss\ForeverPES v1.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Telehargeur\\eDonkey2000\\edonkey2000.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
"d:\\Jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Jeux\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Telehargeur\\eChanblard\\emule.exe"=
"c:\\Program Files\\Telehargeur\\eDonkey2000-0.53\\edonkey2000.exe"=
"d:\\Jeux\\battlefield 1942\\BF1942.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\zuma\\Zuma Deluxe\\Zuma.exe"=
"d:\\Jeux\\flat out 2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"f:\\jeux\\Medieval II Total War\\medieval2.exe"=
"f:\\jeux\\ghost recon\\GRAW.exe"=
"d:\\Jeux\\graw2\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"d:\\Jeux\\graw2\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"f:\\jeux\\toca3\\RD3.exe"=
"f:\\jeux\\coh\\RelicCOH.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Jeux\\PES2009\\pes2009.exe"=
"d:\\Program files\\Bohemia Interactive\\ArmA\\arma.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2005-01-19 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R1 SSHDRV76;SSHDRV76;\??\c:\windows\system32\drivers\SSHDRV76.sys [2005-09-20 53760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2008-01-31 2560]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys []
S3 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2005-03-12 4448]
S3 lredbooo;lredbooo;\??\c:\docume~1\Anthony\LOCALS~1\Temp\lredbooo.sys []
S3 PciCon;PciCon;\??\G:\PciCon.sys []
S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys [2005-12-07 48928]
S3 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2005-03-12 3328]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-MessagerStarter Wanadoo - c:\progra~1\MESSAG~1\StartMessager.exe
MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\Shell.exe
MSConfigStartUp-WOOWATCH - c:\progra~1\Wanadoo\Watch.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\\components\GoogleDesktopMozilla.dll
[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE /color
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("general.useragent.contentlocale", "chrome://navigator-region/locale/region.properties");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("accessibility.typeaheadfind.soundURL", "default");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.warnOnCloseOther", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadGroup", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadOnNewTab", 0);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.windows.loadOnNewWindow", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Location.reload.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.Components", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.document.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.commandDispatcher", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerForCommand", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.insertControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.removeControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.appendController", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.removeController", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerId", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerById", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerCount", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.resizable", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections", 24);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections-per-server", 8);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-server", 2);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-proxy", 4);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.accept.default", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.dns.ipv4OnlyDomains", ".doubleclick.net");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.standard-url.encode-utf8", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.image.warnAboutImages", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.proxy.autoconfig_url", "");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3p", "ffffaaaa");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onFocus.dontCare", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onBlur.dontCare", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ui.key.generalAccessKey", 18);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.enable_ssl2", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_ede3_192", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_64", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_fips_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_rc4_56_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_des_cbc_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc4_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc2_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_dss_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.default_personal_cert", "Select Automatically");
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_entering_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_leaving_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_submit_insecure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.OCSP.enabled", 0);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ui.enable", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("startup.homepage_override_url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.skin", "chrome://mozapps/content/extensions/extensions.xul?type=themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.chrome", "chrome://mozapps/content/extensions/extensions.xul?type=extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.skin", "Extension:Manager-themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager-extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.details", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.download", 86400);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.restart", 1800);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.url", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("keyword.URL", "https://www.google.com/doodles");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage", "resource:/browserconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.defaulturl", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.1", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.2", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.basic.min_ver", "0.0");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.link.open_newwindow", 2);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.tabs.opentabfor.urlbar", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.autoload", 1); // 0 = Always, 1 = After first use, 2 = Never
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.provider", "http://www-rl.netscape.com/wtgn?");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.disabledForDomains", "");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.goBrowsing.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_open_feature.location", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_flip", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.trim_user_and_password", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.history", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.formdata", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.passwords", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.downloads", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cookies", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cache", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.siteprefs", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.sessions", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.enableForCurrentSessionOnly", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.denyRemovedCookies", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.throbber.url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("alerts.height", 50);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_entering_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_leaving_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_submit_insecure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.display.screen_resolution", 96);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 20:45:59
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\_av_proI.tm~a02716
c:\windows\TEMP\_av_proI.tm~a02716\setup.lok 0 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\Iomega\System32\ActivityDisk.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-23 20:48:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-23 19:48:31
Avant-CF: 3 753 594 880 octets libres
Après-CF: 3,686,559,744 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
299 --- E O F --- 2008-12-18 23:19:58
Logfile of random's system information tool 1.05 (written by random/random)
Run by Anthony at 2008-12-23 20:51:03
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (12%) free of 30 GB
Total RAM: 1023 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:07, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Musique\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony\Bureau\RSIT.exe
C:\Program Files\trend micro\Anthony.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Musique\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thoni1971.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://thoni1971.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://laredoute.pixawin.com/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Logfile of random's system information tool 1.05 (written by random/random)
Run by Anthony at 2008-12-23 20:51:03
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (12%) free of 30 GB
Total RAM: 1023 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:07, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Musique\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony\Bureau\RSIT.exe
C:\Program Files\trend micro\Anthony.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Musique\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thoni1971.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://thoni1971.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://laredoute.pixawin.com/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Run by Anthony at 2008-12-23 20:51:03
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (12%) free of 30 GB
Total RAM: 1023 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:07, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Musique\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anthony\Bureau\RSIT.exe
C:\Program Files\trend micro\Anthony.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Musique\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thoni1971.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://thoni1971.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://laredoute.pixawin.com/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
ComboFix 08-12-23.01 - Anthony 2008-12-23 20:43:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.603 [GMT 1:00]
Lancé depuis: c:\documents and settings\Anthony\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\rnaph.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
.
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 19:42 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 19:42 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 12:52 . 2008-12-23 12:52 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-23 12:31 . 2008-12-23 12:31 <REP> d-------- C:\_OTMoveIt
2008-12-22 22:31 . 2008-12-22 22:32 <REP> d-------- C:\rsit
2008-12-22 22:21 . 2008-12-22 22:24 <REP> d-------- c:\program files\UsbFix
2008-12-22 15:03 . 2008-12-22 22:31 <REP> d-------- c:\program files\Trend Micro
2008-12-13 15:38 . 2008-12-13 15:38 <REP> d-------- c:\documents and settings\Anthony\Application Data\Leadertech
2008-12-01 14:51 . 2008-12-01 14:51 <REP> d-------- c:\documents and settings\Anthony\Application Data\Disney Interactive Studios
2008-12-01 14:27 . 2008-12-01 14:27 <REP> d-------- c:\program files\Disney Interactive Studios
2008-12-01 14:26 . 2008-12-01 14:26 <REP> d-------- c:\windows\Logs
2008-12-01 14:26 . 2008-12-01 14:50 1,001 --a------ c:\windows\disney.ini
2008-12-01 14:23 . 2008-12-01 14:23 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-12-01 14:20 . 2008-12-01 14:20 <REP> d-------- c:\documents and settings\Anthony\Application Data\DAEMON Tools
2008-11-30 09:37 . 2008-11-30 09:37 <REP> d-------- c:\documents and settings\Anthony\Application Data\fltk.org
2008-11-29 09:13 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 18:30 --------- d-----w c:\program files\Google
2008-12-22 20:59 --------- d-----w c:\program files\Java
2008-12-22 18:57 --------- d-----w c:\documents and settings\Anthony\Application Data\Azureus
2008-12-17 22:13 --------- d-----w c:\program files\Microsoft Money
2008-12-01 13:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 13:20 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-01 13:20 --------- d-----w c:\program files\DAEMON Tools
2008-11-21 16:38 --------- d-----w c:\program files\Vuze
2008-11-20 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-26 14:55 --------- d-----w c:\program files\ESTsoft
2008-10-26 14:55 --------- d-----w c:\documents and settings\Anthony\Application Data\ESTsoft
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2000-12-20 08:12 99,008 ------w c:\program files\Win2000PPAHotfix.exe
2007-09-05 17:19 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-12-20 19:20 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-20 19:20 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-20 19:20 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Active Disk"="c:\program files\Iomega\AutoDisk\AD2KClient.exe" [2001-09-13 45056]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2001-01-17 45056]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 61440]
"WinampAgent"="c:\program files\Musique\Winamp\winampa.exe" [2004-12-20 33792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-05 1838592]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 181488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-15 108544]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Anthony^Menu Démarrer^Programmes^Démarrage^ForeverPES v1.0.lnk]
path=c:\documents and settings\Anthony\Menu Démarrer\Programmes\Démarrage\ForeverPES v1.0.lnk
backup=c:\windows\pss\ForeverPES v1.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Telehargeur\\eDonkey2000\\edonkey2000.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
"d:\\Jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Jeux\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Telehargeur\\eChanblard\\emule.exe"=
"c:\\Program Files\\Telehargeur\\eDonkey2000-0.53\\edonkey2000.exe"=
"d:\\Jeux\\battlefield 1942\\BF1942.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\zuma\\Zuma Deluxe\\Zuma.exe"=
"d:\\Jeux\\flat out 2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"f:\\jeux\\Medieval II Total War\\medieval2.exe"=
"f:\\jeux\\ghost recon\\GRAW.exe"=
"d:\\Jeux\\graw2\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"d:\\Jeux\\graw2\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"f:\\jeux\\toca3\\RD3.exe"=
"f:\\jeux\\coh\\RelicCOH.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Jeux\\PES2009\\pes2009.exe"=
"d:\\Program files\\Bohemia Interactive\\ArmA\\arma.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2005-01-19 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R1 SSHDRV76;SSHDRV76;\??\c:\windows\system32\drivers\SSHDRV76.sys [2005-09-20 53760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2008-01-31 2560]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys []
S3 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2005-03-12 4448]
S3 lredbooo;lredbooo;\??\c:\docume~1\Anthony\LOCALS~1\Temp\lredbooo.sys []
S3 PciCon;PciCon;\??\G:\PciCon.sys []
S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys [2005-12-07 48928]
S3 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2005-03-12 3328]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-MessagerStarter Wanadoo - c:\progra~1\MESSAG~1\StartMessager.exe
MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\Shell.exe
MSConfigStartUp-WOOWATCH - c:\progra~1\Wanadoo\Watch.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\\components\GoogleDesktopMozilla.dll
[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE /color
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("general.useragent.contentlocale", "chrome://navigator-region/locale/region.properties");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("accessibility.typeaheadfind.soundURL", "default");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.warnOnCloseOther", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadGroup", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadOnNewTab", 0);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.windows.loadOnNewWindow", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Location.reload.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.Components", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.document.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.commandDispatcher", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerForCommand", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.insertControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.removeControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.appendController", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.removeController", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerId", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerById", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerCount", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.resizable", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections", 24);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections-per-server", 8);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-server", 2);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-proxy", 4);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.accept.default", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.dns.ipv4OnlyDomains", ".doubleclick.net");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.standard-url.encode-utf8", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.image.warnAboutImages", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.proxy.autoconfig_url", "");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3p", "ffffaaaa");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onFocus.dontCare", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onBlur.dontCare", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ui.key.generalAccessKey", 18);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.enable_ssl2", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_ede3_192", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_64", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_fips_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_rc4_56_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_des_cbc_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc4_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc2_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_dss_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.default_personal_cert", "Select Automatically");
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_entering_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_leaving_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_submit_insecure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.OCSP.enabled", 0);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ui.enable", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("startup.homepage_override_url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.skin", "chrome://mozapps/content/extensions/extensions.xul?type=themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.chrome", "chrome://mozapps/content/extensions/extensions.xul?type=extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.skin", "Extension:Manager-themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager-extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.details", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.download", 86400);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.restart", 1800);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.url", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("keyword.URL", "https://www.google.com/doodles");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage", "resource:/browserconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.defaulturl", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.1", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.2", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.basic.min_ver", "0.0");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.link.open_newwindow", 2);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.tabs.opentabfor.urlbar", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.autoload", 1); // 0 = Always, 1 = After first use, 2 = Never
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.provider", "http://www-rl.netscape.com/wtgn?");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.disabledForDomains", "");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.goBrowsing.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_open_feature.location", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_flip", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.trim_user_and_password", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.history", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.formdata", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.passwords", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.downloads", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cookies", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cache", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.siteprefs", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.sessions", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.enableForCurrentSessionOnly", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.denyRemovedCookies", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.throbber.url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("alerts.height", 50);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_entering_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_leaving_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_submit_insecure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.display.screen_resolution", 96);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 20:45:59
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\_av_proI.tm~a02716
c:\windows\TEMP\_av_proI.tm~a02716\setup.lok 0 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\Iomega\System32\ActivityDisk.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-23 20:48:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-23 19:48:31
Avant-CF: 3 753 594 880 octets libres
Après-CF: 3,686,559,744 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
299 --- E O F --- 2008-12-18 23:19:58
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.603 [GMT 1:00]
Lancé depuis: c:\documents and settings\Anthony\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\rnaph.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
.
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2008-12-23 19:42 . 2008-12-23 19:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 19:42 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 19:42 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 12:52 . 2008-12-23 12:52 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-23 12:31 . 2008-12-23 12:31 <REP> d-------- C:\_OTMoveIt
2008-12-22 22:31 . 2008-12-22 22:32 <REP> d-------- C:\rsit
2008-12-22 22:21 . 2008-12-22 22:24 <REP> d-------- c:\program files\UsbFix
2008-12-22 15:03 . 2008-12-22 22:31 <REP> d-------- c:\program files\Trend Micro
2008-12-13 15:38 . 2008-12-13 15:38 <REP> d-------- c:\documents and settings\Anthony\Application Data\Leadertech
2008-12-01 14:51 . 2008-12-01 14:51 <REP> d-------- c:\documents and settings\Anthony\Application Data\Disney Interactive Studios
2008-12-01 14:27 . 2008-12-01 14:27 <REP> d-------- c:\program files\Disney Interactive Studios
2008-12-01 14:26 . 2008-12-01 14:26 <REP> d-------- c:\windows\Logs
2008-12-01 14:26 . 2008-12-01 14:50 1,001 --a------ c:\windows\disney.ini
2008-12-01 14:23 . 2008-12-01 14:23 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-12-01 14:20 . 2008-12-01 14:20 <REP> d-------- c:\documents and settings\Anthony\Application Data\DAEMON Tools
2008-11-30 09:37 . 2008-11-30 09:37 <REP> d-------- c:\documents and settings\Anthony\Application Data\fltk.org
2008-11-29 09:13 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 18:30 --------- d-----w c:\program files\Google
2008-12-22 20:59 --------- d-----w c:\program files\Java
2008-12-22 18:57 --------- d-----w c:\documents and settings\Anthony\Application Data\Azureus
2008-12-17 22:13 --------- d-----w c:\program files\Microsoft Money
2008-12-01 13:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 13:20 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-01 13:20 --------- d-----w c:\program files\DAEMON Tools
2008-11-21 16:38 --------- d-----w c:\program files\Vuze
2008-11-20 15:54 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-26 14:55 --------- d-----w c:\program files\ESTsoft
2008-10-26 14:55 --------- d-----w c:\documents and settings\Anthony\Application Data\ESTsoft
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2000-12-20 08:12 99,008 ------w c:\program files\Win2000PPAHotfix.exe
2007-09-05 17:19 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-12-20 19:20 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-20 19:20 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-20 19:20 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Active Disk"="c:\program files\Iomega\AutoDisk\AD2KClient.exe" [2001-09-13 45056]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2001-01-17 45056]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 61440]
"WinampAgent"="c:\program files\Musique\Winamp\winampa.exe" [2004-12-20 33792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-12-06 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-05 1838592]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-06-28 181488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-15 108544]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Anthony^Menu Démarrer^Programmes^Démarrage^ForeverPES v1.0.lnk]
path=c:\documents and settings\Anthony\Menu Démarrer\Programmes\Démarrage\ForeverPES v1.0.lnk
backup=c:\windows\pss\ForeverPES v1.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Telehargeur\\eDonkey2000\\edonkey2000.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\JVTorrent\\btdownloadgui.exe"=
"d:\\Jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"d:\\Jeux\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Telehargeur\\eChanblard\\emule.exe"=
"c:\\Program Files\\Telehargeur\\eDonkey2000-0.53\\edonkey2000.exe"=
"d:\\Jeux\\battlefield 1942\\BF1942.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\zuma\\Zuma Deluxe\\Zuma.exe"=
"d:\\Jeux\\flat out 2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"f:\\jeux\\Medieval II Total War\\medieval2.exe"=
"f:\\jeux\\ghost recon\\GRAW.exe"=
"d:\\Jeux\\graw2\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"d:\\Jeux\\graw2\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Metin2_France\\metin2.bin"=
"c:\\Program Files\\Metin2\\metin2.bin"=
"f:\\jeux\\toca3\\RD3.exe"=
"f:\\jeux\\coh\\RelicCOH.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Jeux\\PES2009\\pes2009.exe"=
"d:\\Program files\\Bohemia Interactive\\ArmA\\arma.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2005-01-19 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R1 SSHDRV76;SSHDRV76;\??\c:\windows\system32\drivers\SSHDRV76.sys [2005-09-20 53760]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2008-01-31 2560]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys []
S3 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2005-03-12 4448]
S3 lredbooo;lredbooo;\??\c:\docume~1\Anthony\LOCALS~1\Temp\lredbooo.sys []
S3 PciCon;PciCon;\??\G:\PciCon.sys []
S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys [2005-12-07 48928]
S3 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2005-03-12 3328]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS []
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-MessagerStarter Wanadoo - c:\progra~1\MESSAG~1\StartMessager.exe
MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\Shell.exe
MSConfigStartUp-WOOWATCH - c:\progra~1\Wanadoo\Watch.exe
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yixi3gv4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\\components\GoogleDesktopMozilla.dll
[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE /color
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("general.useragent.contentlocale", "chrome://navigator-region/locale/region.properties");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("accessibility.typeaheadfind.soundURL", "default");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.warnOnCloseOther", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadGroup", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.tabs.loadOnNewTab", 0);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.windows.loadOnNewWindow", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Location.reload.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.Components", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.document.get", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.commandDispatcher", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerForCommand", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.insertControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.removeControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerAt", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.appendController", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.removeController", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerId", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerById", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.XULControllers.getControllerCount", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.resizable", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections", 24);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-connections-per-server", 8);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-server", 2);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-proxy", 4);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.accept.default", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.dns.ipv4OnlyDomains", ".doubleclick.net");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.standard-url.encode-utf8", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.image.warnAboutImages", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.proxy.autoconfig_url", "");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3p", "ffffaaaa");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onFocus.dontCare", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ime.password.onBlur.dontCare", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("ui.key.generalAccessKey", 18);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.enable_ssl2", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_128", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_ede3_192", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_64", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_40", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_fips_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_rc4_56_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_des_cbc_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc4_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc2_40_md5", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_rsa_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_dss_des_sha", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.default_personal_cert", "Select Automatically");
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_entering_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_leaving_secure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.warn_submit_insecure", true);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.OCSP.enabled", 0);
c:\program files\Mozilla Firefox\\greprefs\security-prefs.js - pref("security.ui.enable", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("startup.homepage_override_url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.skin", "chrome://mozapps/content/extensions/extensions.xul?type=themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.chrome", "chrome://mozapps/content/extensions/extensions.xul?type=extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.skin", "Extension:Manager-themes");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager-extensions");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url.details", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.download", 86400);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.nagTimer.restart", 1800);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.url", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("keyword.URL", "https://www.google.com/doodles");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage", "resource:/browserconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.defaulturl", "chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.1", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.2", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.basic.min_ver", "0.0");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.link.open_newwindow", 2);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.tabs.opentabfor.urlbar", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.autoload", 1); // 0 = Always, 1 = After first use, 2 = Never
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.provider", "http://www-rl.netscape.com/wtgn?");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.related.disabledForDomains", "");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.goBrowsing.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_open_feature.location", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("dom.disable_window_flip", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.trim_user_and_password", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.history", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.formdata", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.passwords", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.downloads", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cookies", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.cache", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.siteprefs", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("privacy.item.sessions", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.enableForCurrentSessionOnly", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("network.cookie.denyRemovedCookies", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.throbber.url","chrome://browser-region/locale/region.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("alerts.height", 50);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_entering_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_leaving_secure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("security.warn_submit_insecure.show_once", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.display.screen_resolution", 96);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 20:45:59
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\_av_proI.tm~a02716
c:\windows\TEMP\_av_proI.tm~a02716\setup.lok 0 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\Iomega\System32\ActivityDisk.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-23 20:48:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-23 19:48:31
Avant-CF: 3 753 594 880 octets libres
Après-CF: 3,686,559,744 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
299 --- E O F --- 2008-12-18 23:19:58
