Merci Kmisol, voici le rapport :

(Note de lecture : ce rapport montre plusieurs protections désactivées — analyse à l'accès AVG désactivée en tête du rapport, pare-feu Windows désactivé (EnableFirewall = 0) et Security Center avec AntiVirusOverride / UpdatesDisableNotify à 1 — ainsi qu'un beep.sys signalé infecté puis manquant, une copie dllcache\beep.sys datée du 21/08, et des échecs Sigcheck sur winlogon.exe, sfcfiles.dll et ntfs.sys ; la copie dllcache de ntfs.sys porte le même MD5 que celle de drivers, donc SFC ne la restaurera pas à partir du cache. srsvc.dll est également manquant et la console de récupération n'est pas installée. Ces points sont à vérifier/corriger après le nettoyage.)

ComboFix 09-08-21.02 - proprietaire 22/08/2009 12:33.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.312 [GMT 2:00]
Running from: c:\documents and settings\proprietaire\Bureau\ethan-fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\uvadi.ban
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\voxepizecy.sys
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\zoro.dl
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\proprietaire\Application Data\wiaserva.log
c:\documents and settings\proprietaire\Local Settings\Application Data\ubivdrf.dat
c:\documents and settings\proprietaire\Local Settings\Application Data\ubivdrf.exe
c:\documents and settings\proprietaire\Local Settings\Application Data\ubivdrf_nav.dat
c:\documents and settings\proprietaire\Local Settings\Application Data\ubivdrf_navps.dat
c:\documents and settings\proprietaire\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\0101120101465653.xe
c:\windows\cru629.dat
c:\windows\prxid93ps.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\cru629.dat
c:\windows\system32\DelSelf.bat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\drivers\beep.sys . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.
2009-08-21 17:10 . 2009-08-22 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\11820464
2009-08-21 05:29 . 2009-08-21 05:29 19363 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\xerusuxobe.reg
2009-08-21 05:29 . 2009-08-21 05:29 18095 ----a-w- c:\program files\Fichiers communs\igupyka.sys
2009-08-21 05:29 . 2009-08-21 05:29 16000 ----a-w- c:\documents and settings\LocalService\Application Data\idiby.com
2009-08-21 05:29 . 2009-08-21 05:29 13678 ----a-w- c:\windows\system32\jawycuxo.pif
2009-08-21 05:29 . 2009-08-21 05:29 13058 ----a-w- c:\documents and settings\LocalService\Application Data\ehacok.scr
2009-08-21 05:29 . 2009-08-21 05:29 12735 ----a-w- c:\program files\Fichiers communs\qebez.dat
2009-08-21 05:29 . 2009-08-21 05:29 12691 ----a-w- c:\windows\apyx.pif
2009-08-21 05:29 . 2009-08-21 05:29 12533 ----a-w- c:\program files\Fichiers communs\qifadot.scr
2009-08-21 05:29 . 2009-08-21 05:29 11946 ----a-w- c:\documents and settings\All Users\Application Data\tofiwybut.com
2009-08-21 05:29 . 2009-08-21 05:29 11433 ----a-w- c:\windows\ruxahyla.bin
2009-08-21 05:29 . 2009-08-21 05:29 10132 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\niqadacumo.bin
2009-08-21 05:28 . 2009-08-21 05:28 -------- d-----w- C:\PC_Antispyware2010
2009-08-21 04:21 . 2009-08-21 04:21 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-20 04:19 . 2009-08-20 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-08-17 18:22 . 2009-08-17 18:22 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-08-17 18:22 . 2009-08-17 18:22 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-08-17 15:52 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-08-17 15:52 . 2009-08-17 15:52 -------- d-----w- c:\program files\Alwil Software
2009-08-17 15:37 . 2009-08-17 15:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-16 04:15 . 2009-08-20 11:05 150 ----a-w- c:\documents and settings\proprietaire\delself.bat
2009-08-16 03:51 . 2009-08-16 03:51 -------- d--h--w- c:\windows\PIF
2009-08-16 01:05 . 2009-08-16 01:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-16 01:05 . 2009-08-16 01:05 -------- d-----w- c:\program files\MSBuild
2009-08-16 01:05 . 2009-08-16 01:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-16 01:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-16 01:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-16 01:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-16 01:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-16 01:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-16 01:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-16 01:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-16 01:04 . 2009-08-16 01:05 -------- d-----w- C:\e5704f3253759610bb3735a133c1
2009-08-10 23:53 . 2009-08-11 00:25 34 ----a-w- c:\documents and settings\proprietaire\jagex_runescape_preferences.dat
2009-07-30 07:38 . 2009-07-30 07:38 -------- d-sh--w- c:\documents and settings\proprietaire\PrivacIE
2009-07-30 07:38 . 2009-07-30 07:38 -------- d-sh--w- c:\documents and settings\proprietaire\IECompatCache
2009-07-30 07:01 . 2009-07-30 07:01 -------- d-sh--w- c:\documents and settings\proprietaire\IETldCache
2009-07-30 06:10 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-30 06:10 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-30 06:09 . 2009-07-30 06:09 -------- d-----w- c:\windows\ie8updates
2009-07-30 06:09 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-30 06:07 . 2009-07-30 06:09 -------- dc-h--w- c:\windows\ie8
2009-07-24 11:37 . 2009-07-24 11:37 -------- d-----w- c:\program files\Nuclear Coffee
2009-07-24 09:50 . 2009-07-24 09:50 -------- d-----w- c:\program files\MusicBrainz Picard
2009-07-24 09:46 . 2009-07-24 09:46 -------- d-----w- c:\program files\Tunatic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 17:08 . 2008-09-28 21:20 -------- d-----w- c:\documents and settings\proprietaire\Application Data\OpenOffice.org2
2009-08-21 05:29 . 2009-08-21 05:29 15920 ----a-w- c:\documents and settings\LocalService\Application Data\mizukopy.dat
2009-08-19 22:03 . 2009-05-14 21:21 1055 ----a-w- c:\documents and settings\proprietaire\errorlog.tmp
2009-08-16 03:31 . 2008-04-13 10:15 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-16 02:28 . 2008-09-22 15:37 13808 ----a-w- c:\documents and settings\proprietaire\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 01:10 . 2004-08-05 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-16 01:10 . 2004-08-05 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-14 00:23 . 2008-09-28 21:21 1 ----a-w- c:\documents and settings\proprietaire\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-08-05 09:00 . 2008-04-13 17:33 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 01:48 . 2008-10-04 01:04 -------- d-----w- c:\documents and settings\proprietaire\Application Data\LimeWire
2009-07-22 18:11 . 2009-02-11 14:39 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-22 18:11 . 2008-09-25 10:41 -------- d-----w- c:\program files\MSN Messenger
2009-07-18 07:01 . 2008-09-25 10:42 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:03 . 2008-04-13 17:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-06-16 16:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 00:47 . 2008-09-28 23:47 -------- d-----w- c:\documents and settings\proprietaire\Application Data\dvdcss
2009-07-05 01:00 . 2009-07-05 01:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 01:00 . 2009-07-05 01:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-03 16:57 . 2008-06-15 00:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:26 . 2008-04-13 17:33 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2008-04-13 17:33 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2008-04-13 17:33 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2008-04-13 17:33 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2008-04-13 17:33 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2008-04-13 17:33 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 18:21 . 2008-09-25 10:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-24 18:21 . 2008-09-25 10:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 11:18 . 2008-04-13 09:31 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 21:42 . 2009-06-23 21:42 -------- d-----w- c:\program files\ANI
2009-06-23 21:42 . 2008-09-22 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 21:42 . 2009-06-23 21:42 -------- d-----w- c:\program files\D-Link
2009-06-23 21:41 . 2009-06-23 21:41 -------- d-----w- c:\documents and settings\proprietaire\Application Data\InstallShield
2009-06-16 14:40 . 2008-04-13 17:33 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2008-04-13 17:33 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2008-04-13 17:34 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-13 16:06 . 2009-06-13 16:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 16:06 . 2009-06-13 16:06 152576 ----a-w- c:\documents and settings\proprietaire\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 14:14 . 2008-04-13 17:33 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2008-09-22 15:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2008-04-13 17:33 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2008-04-13 17:33 1297408 ----a-w- c:\windows\system32\quartz.dll
.
------- Sigcheck -------
[-] 2008-09-25 13:05 512000 8D71F28DEB37CC9C2E344095D8BFE1EE c:\windows\system32\winlogon.exe
[-] 2009-08-21 04:21 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\system32\dllcache\beep.sys
[-] 2009-08-16 03:31 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-16 03:31 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
[-] 2008-06-15 00:27 1571840 04FD46262E9BB635DD8F5330551A0C98 c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\srsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSVolFE"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 148888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 1662976]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\proprietaire\Bureau\bruce\Programmes\Démarrage\
ikowin32.exe [2008-4-13 24064]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 18:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/09/2008 12:42 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/09/2008 12:43 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/09/2008 12:42 298776]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [25/09/2008 12:42 907032]
S2 gupdate1c9f2bd7a48acf6;Service Google Update (gupdate1c9f2bd7a48acf6);c:\program files\Google\Update\GoogleUpdate.exe [22/06/2009 00:13 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [02/09/2008 16:14 191656]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 22:13]
2009-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 22:13]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msword98 - c:\documents and settings\proprietaire\msword98.exe
HKCU-Run-ubivdrf - c:\documents and settings\proprietaire\local settings\application data\ubivdrf.exe
HKLM-Run-msword98 - c:\windows\system32\msword98.exe
HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
HKLM-Run-11820464 - c:\documents and settings\All Users\Application Data\11820464\11820464.exe
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: chat-land.org
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
FF - ProfilePath - c:\documents and settings\proprietaire\Application Data\Mozilla\Firefox\Profiles\qrdk77ve.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess" );
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35" );
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json" );
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net Rootkit scan 2009-08-22 12:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
? [40000]
? [21140]
? [21576]
? [960]
? [8948]
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "c:\program files\MSN Messenger\MsnMsgr.Exe" /background?g
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-22 12:40
ComboFix-quarantined-files.txt 2009-08-22 10:40
Pre-Run: 117 677 268 992 octets libres
Post-Run: 117 915 688 960 octets libres
337 --- E O F --- 2009-08-17 15:24