No, but I'm switching between 2 computers.
Here's the report.
ComboFix 10-08-29.04 - ACER 30/08/2010 17:43:33.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.645 [GMT 2:00]
Running from: c:\documents and settings\ACER\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\ACER\Application Data\791F6825203771F7054897E4827B8E5E
c:\documents and settings\ACER\Application Data\791F6825203771F7054897E4827B8E5E\enemies-names.txt
c:\documents and settings\ACER\Application Data\791F6825203771F7054897E4827B8E5E\local.ini
c:\documents and settings\ACER\Application Data\Desktopicon
c:\documents and settings\ACER\Application Data\Desktopicon\config.ini
c:\documents and settings\ACER\Local Settings\Application Data\Windows Server
c:\documents and settings\ACER\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\ACER\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\ACER\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\ACER\Local Settings\Application Data\Windows Server\uses32.dat
C:\install.exe
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\autorun.ini
c:\windows\system32\scrrnfr.dll
-- Previous Run --
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))))))))
.
2010-08-30 10:13 . 2008-04-14 02:33 116736 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-08-30 10:11 . 2004-08-03 20:29 33599 ----a-w- c:\windows\system32\dllcache\watv04nt.sys
2010-08-30 10:10 . 2001-08-17 19:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2010-08-30 10:09 . 2001-08-23 15:46 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-08-30 10:08 . 2001-08-23 15:46 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-08-30 10:07 . 2001-08-17 18:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2010-08-30 10:06 . 2001-08-23 15:21 95114 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2010-08-30 10:05 . 2001-08-23 15:20 16768 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2010-08-30 10:04 . 2001-08-17 18:12 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-08-30 10:03 . 2001-08-23 15:17 16512 ----a-w- c:\windows\system32\dllcache\pscr.sys
2010-08-30 10:02 . 2001-08-17 20:05 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2010-08-30 10:01 . 2001-08-17 18:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-08-30 10:00 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-08-30 09:59 . 2001-08-23 15:47 58880 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-08-30 09:58 . 2001-08-23 15:47 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2010-08-30 09:57 . 2001-08-17 19:28 50751 ----a-w- c:\windows\system32\dllcache\hsf_tone.sys
2010-08-30 09:56 . 2001-08-23 15:47 119296 ----a-w- c:\windows\system32\dllcache\hpdigwia.dll
2010-08-30 09:55 . 2001-08-23 15:47 46080 ----a-w- c:\windows\system32\dllcache\esunib.dll
2010-08-30 09:54 . 2001-08-23 15:12 117760 ----a-w- c:\windows\system32\dllcache\e100b325.sys
2010-08-30 09:53 . 2001-08-17 18:19 93952 ----a-w- c:\windows\system32\dllcache\cwcwdm.sys
2010-08-30 09:52 . 2001-08-17 19:28 871388 ----a-w- c:\windows\system32\dllcache\bcmdm.sys
2010-08-30 06:41 . 2010-08-30 06:41 -------- d-----w- c:\program files\ToniArts
2010-08-29 12:18 . 2010-08-29 12:18 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-29 09:49 . 2010-08-29 09:49 187392 ----a-w- c:\windows\Lfixoa.exe
2010-08-25 20:36 . 2010-08-25 20:36 367160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-25 07:34 . 2010-08-25 07:34 -------- d-----w- c:\program files\Opera
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 12:47 . 2009-11-11 12:07 -------- d-----w- c:\documents and settings\ACER\Application Data\vlc
2010-08-30 08:57 . 2009-01-28 13:18 -------- d-----w- c:\documents and settings\ACER\Application Data\dvdcss
2010-08-30 06:41 . 2005-06-23 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-29 13:50 . 2010-03-08 15:24 -------- d-----w- c:\documents and settings\ACER\Application Data\Azureus
2010-08-25 10:28 . 2009-06-23 10:23 -------- d-----w- c:\program files\VDOWNLOADER
2010-08-25 08:57 . 2009-07-23 13:17 -------- d-----w- c:\program files\SpeedFan
2010-08-24 19:06 . 1979-12-31 23:00 592682 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-24 19:06 . 1979-12-31 23:00 119326 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-23 14:34 . 2006-01-09 10:24 67480 ----a-w- c:\documents and settings\ACER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-14 08:37 . 2008-11-20 17:57 1 ----a-w- c:\documents and settings\ACER\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-11 08:42 . 2009-09-18 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-11 08:34 . 2010-04-21 16:34 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-28 09:30 . 2010-06-29 10:30 17880 ----a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\AccessibleMarshal.dll
2010-07-21 16:12 . 2010-02-09 17:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-21 16:12 . 2010-02-09 17:18 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-21 09:27 . 2010-02-09 17:17 -------- d-----w- c:\program files\Fichiers communs\LogiShrd
2010-07-21 09:25 . 2010-07-21 09:25 53248 ----a-r- c:\documents and settings\ACER\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-21 09:25 . 2006-08-29 15:11 -------- d-----w- c:\program files\Logitech
2010-07-21 09:23 . 2010-07-21 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-07-21 09:23 . 2010-07-21 09:23 -------- d-----w- c:\program files\Fichiers communs\LWS
2010-07-21 09:22 . 2009-07-10 17:49 -------- d-----w- c:\program files\Common Files
2010-07-21 08:58 . 2010-07-21 08:58 -------- d-----w- c:\program files\Avira
2010-07-21 08:58 . 2010-03-31 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-21 08:27 . 2003-12-01 15:20 4832 ----a-w- c:\windows\system32\drivers\sfhlp01.sys
2010-07-21 08:14 . 2010-07-21 08:14 -------- d-----w- c:\documents and settings\ACER\Application Data\Malwarebytes
2010-07-21 08:14 . 2010-06-25 12:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 08:14 . 2010-07-21 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-02 10:49 . 2010-07-02 10:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-30 12:32 . 1979-12-31 23:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25 . 1979-12-31 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 1979-12-31 23:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1979-12-31 23:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 19:34 . 2010-06-19 19:34 103864 ----a-w- c:\documents and settings\All Users\Application Data\Mozilla Firefox\plugins\nppdf32.dll
2010-06-17 14:03 . 1979-12-31 23:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-06-23 22:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 1979-12-31 23:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-08-22 15:56 . 2006-08-22 15:56 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-03-26 16:34 . 2006-03-26 16:34 56 --sh--r- c:\windows\system32\BF054C9A96.sys
2006-03-26 16:34 . 2006-03-26 16:34 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
c:\windows\explorer.exe ... is missing!!
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-05-13 2515552]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-05-13 20:26 2515552 ----a-w- c:\program files\Vuze_Remote\tbVuz1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-05-13 2515552]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-05-13 2515552]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"AnumanLive"="c:\documents and settings\ACER\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2007-09-28 347648]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe" [2010-06-29 231888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-20 352256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-05 61440]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-06-21 110592]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
c:\documents and settings\ACER\Menu Démarrer\Programmes\Démarrage\
Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^ACER^Menu Démarrer^Programmes^Démarrage^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"gusvc"=3 (0x3)
"AVGIDSAgent"=2 (0x2)
"avgfws9"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"10300:TCP"= 10300:TCP:BitComet 10300 TCP
"10300:UDP"= 10300:UDP:BitComet 10300 UDP
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [01/01/1980 01:00 16640]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/07/2010 10:58 108289]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [07/04/2010 10:49 24576]
S3 UniCamDr.Samsung;Samsung Miniket USB-D07 Capture Device;c:\windows\system32\Drivers\UniCamDr.sys --> c:\windows\system32\Drivers\UniCamDr.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/10/2008 17:38 691696]
.
Contents of the 'Scheduled Tasks' folder
2010-08-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-06-08 08:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with &Shareaza - c:\program files\Shareaza\Plugins\RazaWebHook.dll/3000
IE: Save Flash with Flash Catcher - c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
TCP: {554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1} = 80.10.246.2,80.10.246.129
FF - ProfilePath - c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\e6ub5b5d.Teddy\
FF - component: c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\e6ub5b5d.Teddy\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\e6ub5b5d.Teddy\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\e6ub5b5d.Teddy\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\documents and settings\All Users\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\documents and settings\All Users\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\documents and settings\All Users\Application Data\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ntiMUI - c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-08-30 17:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-30 17:52:36
ComboFix-quarantined-files.txt 2010-08-30 15:52
Pre-Run: 38,024,343,552 bytes free
Post-Run: 37,970,882,560 bytes free
- - End Of File - - CB7285975009CC2A617DC61E32AC76C3
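The report above carries the three things a responder reads first in a ComboFix log: the Run-key entries (one flagged [X], one launched from the user's own Application Data), the Sigcheck block reporting c:\windows\explorer.exe missing, and the winlogon.exe copy that was restored from ServicePackFiles\i386. The script below is an added example, not part of the original post and not ComboFix's code. It parses those two line shapes from a constructed excerpt of this log (Sigcheck wording in ComboFix's English form) and compares a live system file against its Service Pack cache copy by MD5, which is the check behind the winlogon.exe restore. The regular expressions, the verdict labels and the throwaway files in the demo are my assumptions, not ComboFix's format specification.

```python
"""Triage helpers for a ComboFix report such as the one above.

Added example, not ComboFix's own code. The regular expressions are
assumptions derived from the line shapes visible in this report (Run-key
entries and the Sigcheck block); they are not a full ComboFix log grammar.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List, Tuple

# XP profile root, exactly as it appears in the report.
USER_PROFILE_ROOT = r"c:\documents and settings"

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<target>[^"]*)" \[(?P<meta>[^\]]*)\]$')
HIVE_HEADER = re.compile(r"^\[(?P<key>hk[^\]]+)\]$", re.IGNORECASE)
SIGCHECK_MISSING = re.compile(r"^(?P<path>\S.*?) \.\.\. is missing!!$")
SIGCHECK_HASH = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[^\]]+)\] \. \. (?P<path>.+)$"
)

# Constructed sample: lines copied from the report above, trimmed to the two
# sections this script reads.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"AnumanLive"="c:\documents and settings\ACER\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2007-09-28 347648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
------- Sigcheck -------
[7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\explorer.exe ... is missing!!
"""


@dataclass
class Finding:
    kind: str       # "autorun" or "sigcheck"
    name: str
    target: str
    verdict: str
    where: str = "" # registry key for autoruns, empty for Sigcheck lines


def classify_autorun(target: str, meta: str) -> str:
    """Say how much scrutiny a Run-key target deserves, cheapest signal first."""
    if meta.strip() == "X":                 # ComboFix's marker for a target it could not find
        return "target not found ([X])"
    low = target.lower()
    if "\\" not in low:                     # "AGRSMMSG.exe": resolved through the search path
        return "bare filename, resolved through PATH"
    if low.startswith(USER_PROFILE_ROOT):   # anything under the profile is user-writable
        return "lives in a user-writable profile directory"
    return "ordinary install location"


def triage(log_text: str) -> List[Finding]:
    """Walk the report once and collect the entries worth a second look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_ENTRY.match(line)
        if m:
            findings.append(Finding("autorun", m["name"], m["target"],
                                    classify_autorun(m["target"], m["meta"]), current_key))
            continue
        m = HIVE_HEADER.match(line)
        if m:
            current_key = m["key"]          # remember which hive the next entries belong to
            continue
        m = SIGCHECK_MISSING.match(line)
        if m:
            findings.append(Finding("sigcheck", m["path"].rsplit("\\", 1)[-1],
                                    m["path"], "system file missing"))
            continue
        m = SIGCHECK_HASH.match(line)
        if m:
            findings.append(Finding("sigcheck", m["path"].rsplit("\\", 1)[-1], m["path"],
                                    "md5 %s size %s version %s" % (m["md5"].upper(), m["size"], m["ver"])))
    return findings


def _md5(path: str) -> str:
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_against_reference(live_path: str, reference_path: str) -> str:
    """Compare a live system file with its Service Pack cache copy.

    Returns 'missing', 'match' or 'mismatch'. MD5 is used only because it is
    the digest ComboFix prints; equality proves identity with the cache copy,
    not authenticity, since the cache copy itself could have been tampered with.
    """
    if not os.path.isfile(live_path):
        return "missing"
    return "match" if _md5(live_path) == _md5(reference_path) else "mismatch"


def demo_reference_check() -> Tuple[str, str, str]:
    """Exercise verify_against_reference on throwaway files (constructed data)."""
    with tempfile.TemporaryDirectory() as d:
        ref, live = os.path.join(d, "explorer.exe.ref"), os.path.join(d, "explorer.exe")
        with open(ref, "wb") as f:
            f.write(b"MZ reference bytes")
        missing = verify_against_reference(live, ref)
        with open(live, "wb") as f:
            f.write(b"MZ reference bytes")
        match = verify_against_reference(live, ref)
        with open(live, "wb") as f:
            f.write(b"MZ tampered bytes")
        mismatch = verify_against_reference(live, ref)
    return missing, match, mismatch


if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        print("%-8s %-13s %-45s %s" % (fnd.kind, fnd.name, fnd.verdict, fnd.target))
    print(demo_reference_check())
```

On the real machine the reference check is run as verify_against_reference(r"c:\windows\explorer.exe", r"c:\windows\ServicePackFiles\i386\explorer.exe"), which for this report returns "missing", the same conclusion the Sigcheck block prints; a "mismatch" result is the case the winlogon.exe restore handled.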