My PC is infected

Manu7 -  
 Anonymous user -
Hello,
I just ran ComboFix. Here is the report, if someone would be kind enough to decipher it for me.

ComboFix 09-06-30.03 - Manu 02/07/2009 8:23.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2037.1046 [GMT 2:00]
Lancé depuis: c:\users\Manu\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\users\Manu\AppData\Local\MICROS~1\Windows\TEMPOR~1\tmpFE32.tmp
c:\users\Manu\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpFE32.tmp
c:\windows\system32\KBL.LOG
D:\Desktop.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-02 au 2009-07-02 ))))))))))))))))))))))))))))))))))))
.

2009-07-01 15:42 . 2009-07-01 16:03 -------- dc----w- C:\ToolBar SD
2009-07-01 15:14 . 2009-07-01 16:12 -------- dc----w- c:\program files\trend micro
2009-07-01 15:14 . 2009-07-01 15:18 -------- dc----w- C:\rsit
2009-06-06 19:28 . 2009-06-06 19:34 -------- dc----w- c:\program files\UrbanTerror
2009-06-03 13:12 . 2009-06-03 13:12 -------- dc----w- c:\users\Manu\AppData\Roaming\WildTangent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 16:39 . 2009-05-01 13:03 -------- dc----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-07-01 15:59 . 2009-05-01 09:39 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 15:13 . 2008-03-07 10:12 677554 -c--a-w- c:\windows\system32\perfh00C.dat
2009-07-01 15:13 . 2008-03-07 10:12 126862 -c--a-w- c:\windows\system32\perfc00C.dat
2009-06-30 18:53 . 2009-05-02 09:11 -------- dc----w- c:\users\Manu\AppData\Roaming\FrostWire
2009-06-23 16:43 . 2008-03-07 01:36 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-06-17 09:27 . 2009-05-01 09:39 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-05-01 09:39 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 16:16 . 2008-03-07 02:07 -------- dc----w- c:\program files\Microsoft Works
2009-06-10 10:53 . 2009-05-01 14:29 -------- dc----w- c:\progra~2\Spybot - Search & Destroy
2009-06-03 13:16 . 2008-08-28 14:41 -------- dc----w- c:\progra~2\WildTangent
2009-05-26 15:12 . 2008-08-28 14:22 -------- dc----w- c:\program files\Apoint2K
2009-05-26 15:00 . 2009-05-26 15:00 -------- dc----w- c:\program files\Microsoft Silverlight
2009-05-26 14:27 . 2008-08-28 14:13 -------- dc----w- c:\program files\CONEXANT
2009-05-20 15:28 . 2009-05-20 15:28 680 -c--a-w- c:\users\Manu\AppData\Local\d3d9caps.dat
2009-05-20 15:06 . 2009-05-20 15:06 -------- dc----w- c:\program files\Common Files\LightScribe
2009-05-20 15:04 . 2009-05-02 15:27 -------- dc----w- c:\program files\Common Files\Ahead
2009-05-20 15:03 . 2009-05-20 15:03 -------- dc----w- c:\progra~2\Nero
2009-05-20 14:32 . 2008-03-07 02:34 -------- dc----w- c:\program files\CyberLink
2009-05-18 18:21 . 2009-05-18 18:21 -------- dc----w- c:\users\Manu\AppData\Roaming\muvee Technologies
2009-05-18 15:29 . 2008-11-26 19:50 -------- dc----w- c:\program files\Google
2009-05-17 03:28 . 2009-05-17 03:01 -------- dc----w- c:\program files\vLite
2009-05-16 18:54 . 2009-05-16 18:54 -------- dc----w- c:\progra~2\LightScribe
2009-05-13 16:59 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2009-05-09 05:50 . 2009-06-11 16:09 915456 -c--a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 16:09 71680 -c--a-w- c:\windows\system32\iesetup.dll
2009-05-09 05:12 . 2009-05-09 05:11 -------- dc----w- c:\users\Manu\AppData\Roaming\Hide IP NG
2009-05-09 05:11 . 2009-05-09 05:11 676500 -c--a-w- c:\users\Manu\AppData\Roaming\Hide IP NG\hideipng-update.exe
2009-05-08 11:15 . 2009-05-08 11:15 -------- dc----w- c:\program files\AnalogX
2009-05-08 09:10 . 2009-05-08 09:10 -------- dc----w- c:\users\Manu\AppData\Roaming\vlc
2009-05-08 09:03 . 2009-05-08 09:03 -------- dc----w- c:\program files\VideoLAN
2009-05-08 08:44 . 2009-05-07 20:50 -------- dc----w- c:\program files\Bosco
2009-05-07 21:14 . 2009-05-07 21:14 2840 -c--a-w- c:\windows\system32\master.dat
2009-05-06 11:47 . 2009-05-02 15:37 -------- dc----w- c:\users\Manu\AppData\Roaming\Ahead
2009-05-02 11:39 . 2009-05-02 09:15 4506256 -c--a-w- c:\users\Manu\AppData\Roaming\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2009-05-02 08:25 . 2009-05-01 16:41 113768 -c--a-w- c:\users\Manu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 15:55 . 2009-05-01 15:55 1772 -c--a-w- c:\users\Manu\cc_20090501_175512.reg
2009-05-01 15:55 . 2009-05-01 15:54 213066 -c--a-w- c:\users\Manu\cc_20090501_175446.reg
2009-05-01 15:34 . 2009-05-01 15:35 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-04-30 12:37 . 2009-06-11 16:09 293376 -c--a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 16:09 428544 -c--a-w- c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-11 16:09 784896 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 16:09 636928 -c--a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 16:09 2033152 -c--a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-07-30 1647912]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-10-10 2782536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-06-12 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-06-12 1057064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2987362739-3616797374-261659195-1002]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DC9FE3DB-6BE8-4D95-9D7E-4F9EAEE750D9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{06A686F4-75BC-4259-B286-C0B71492019B}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{80323D2D-86FD-4A68-B2E5-6A5ED3F36C3C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{79F4A570-A64F-4420-953E-F5ED533A517D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{C452534D-20AE-4A68-9772-9D3FA7EEE5A7}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{4F6CBA60-9E29-4F74-BF24-69743659BEC2}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{C4D1C0D5-8E7E-466C-B774-CEB260858C38}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{AE19856A-724E-450B-A342-4F0FE22FAC98}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{779D3740-621D-4BDB-B91C-07B2647E43C7}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{E69CEF41-3F6E-46D4-A2A1-B78B3BCAC5AC}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{C0F8A603-918A-461A-8D85-04688862F929}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{83A48EE4-088B-4D77-B209-2FD4BF6272B7}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{FE9CF701-A8C8-4711-83AA-F307631908AF}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"TCP Query User{7C3A8056-1115-47E6-8CAB-98AFFD40F522}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{A474F558-5277-4C95-972F-C4F9F85AE2E7}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{177970F5-C45D-4225-A6D0-784D82DC59B3}c:\\users\\manu\\downloads\\superscan4.exe"= UDP:c:\users\manu\downloads\superscan4.exe:superscan4.exe
"UDP Query User{765962FF-E9F7-4621-812D-0F66C0FB5089}c:\\users\\manu\\downloads\\superscan4.exe"= TCP:c:\users\manu\downloads\superscan4.exe:superscan4.exe
"{3E3D4243-0A95-4187-83B3-9332BCBE1018}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{3B6E54A6-B0D0-45EE-BC8D-4D49BAB60EC1}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"TCP Query User{03E29038-FB3E-4858-915A-64964FC63EE9}c:\\program files\\mozilla firefox 3.1 beta 3\\firefox.exe"= UDP:c:\program files\mozilla firefox 3.1 beta 3\firefox.exe:Firefox
"UDP Query User{3A81A6EB-27F9-44EC-B812-50D569A207CA}c:\\program files\\mozilla firefox 3.1 beta 3\\firefox.exe"= TCP:c:\program files\mozilla firefox 3.1 beta 3\firefox.exe:Firefox
"TCP Query User{9C5E7B16-8AB8-47E0-BFC6-8E3E8E0DC452}c:\\program files\\urbanterror\\iourbanterror.exe"= UDP:c:\program files\urbanterror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{7CEE108D-2A11-4650-873F-5D72772A77E3}c:\\program files\\urbanterror\\iourbanterror.exe"= TCP:c:\program files\urbanterror\iourbanterror.exe:ioUrbanTerror
"TCP Query User{62C7D33C-6CBD-424C-933B-F1E5264181F0}c:\\program files\\urbanterror\\iourbanterror.exe"= UDP:c:\program files\urbanterror\iourbanterror.exe:ioUrbanTerror
"UDP Query User{08940F7E-912B-4339-B246-5196F1F1FF5B}c:\\program files\\urbanterror\\iourbanterror.exe"= TCP:c:\program files\urbanterror\iourbanterror.exe:ioUrbanTerror

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/05/2009 16:22 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [01/05/2009 16:29 1153368]
S2 gupdate1c9cb4957e9dd91;Google Update Service (gupdate1c9cb4957e9dd91);c:\program files\Google\Update\GoogleUpdate.exe [02/05/2009 19:13 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\System32\drivers\Ltn_stk7070P.sys [23/05/2009 12:33 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\System32\drivers\Ltn_stkrc.sys [23/05/2009 12:35 13440]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [17/10/2008 18:44 28224]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ask.com/?o=101677&l=dis
mWindow Title =
uInternet Settings,ProxyServer = socks=
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\50ff129o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- PARAMETRES FIREFOX ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www26.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www26.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 08:31
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(2408)
c:\program files\OrangeHSS\Launcher\Inactivity.Dll
.
Heure de fin: 2009-07-02 8:36
ComboFix-quarantined-files.txt 2009-07-02 06:36

Avant-CF: 78 780 514 304 octets libres
Après-CF: 78 760 316 928 octets libres

261 --- E O F --- 2009-06-30 18:48

2 replies

Manu7
 
NOBODY???
0
Anonymous user
 
No need to create multiple topics. Be patient for the replies.
0