Hello, here is the ComboFix report:
ComboFix 10-08-26.04 - Compaq_Propriétaire 27/08/2010 17:21:00.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.225 [GMT 2:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
AV: BitDefender 9 Professional Plus On-access scanning disabled (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender 9 Professional Plus disabled {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\components\config.ini
c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\autorun.inf
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\bad1.exe
c:\windows\system32\bad2.exe
c:\windows\system32\bad3.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\msmsgs.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-07-27 au 2010-08-27 ))))))))))))))))))))))))))))))))))))
.
2010-08-27 15:02 . 2010-08-27 15:09 -------- d-----w- c:\program files\Softonic_France
2010-08-26 18:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 18:43 . 2010-08-26 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 18:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 15:28 . 2010-06-30 13:01 -------- d-----w- c:\program files\Ask.com
2010-08-19 15:25 . 2010-08-19 16:19 -------- d-----w- c:\program files\LimeWire
2010-08-15 21:20 . 2010-08-15 21:20 -------- d-----w- c:\program files\CCleaner
2010-08-09 21:22 . 2010-08-15 22:05 -------- d-----w- c:\program files\PokerStars.FR
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 20:44 . 2007-07-12 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-22 19:10 . 2009-04-26 19:54 -------- d-----w- c:\program files\Veetle
2010-08-17 10:32 . 2005-01-03 02:34 -------- d-----w- c:\program files\Fichiers communs\Java
2010-08-17 10:30 . 2005-01-03 03:02 -------- d-----w- c:\program files\Google
2010-08-17 10:25 . 2005-01-03 02:34 -------- d-----w- c:\program files\Java
2010-08-11 18:15 . 2004-11-23 21:26 554990 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-11 18:15 . 2004-11-23 21:26 102980 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-09 21:22 . 2009-06-22 14:32 -------- d-----w- c:\program files\PokerStars.NET
2010-08-05 19:03 . 2009-01-24 10:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-17 03:00 . 2010-04-18 10:54 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-04 18:06 . 2010-07-04 17:55 -------- d-----w- c:\program files\PartyFrance
2010-07-04 17:23 . 2009-09-07 20:26 -------- d-----w- c:\program files\Panda Security
2010-07-04 17:22 . 2008-06-22 10:14 -------- d-----w- c:\program files\AVS4YOU
2010-07-04 17:21 . 2005-01-03 02:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 12:32 . 2004-08-05 18:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2004-08-05 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-05 18:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 19:36 . 2010-06-23 19:36 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-06-23 19:36 . 2010-06-23 19:36 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-06-23 19:36 . 2010-06-23 19:36 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-06-23 19:36 . 2010-06-23 19:36 35646112 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_2.5.2FR.exe
2010-06-21 15:27 . 2004-08-05 18:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-05 18:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-05 18:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-05 18:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2008-09-04 17:06 . 2008-09-04 17:06 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-30 11:49 . 2006-05-30 11:49 22 -csha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tbliv1.dll" [2010-05-17 2515552]
"{89d18ea5-ab30-4324-8784-3f14c25bb66a}"= "c:\program files\FreeSavers2k\tbFre0.dll" [2010-05-29 2515552]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]
[HKEY_CLASSES_ROOT\clsid\{89d18ea5-ab30-4324-8784-3f14c25bb66a}]
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-06-13 17:10 2734688 ------w- c:\program files\Softonic_France\tbSoft.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89d18ea5-ab30-4324-8784-3f14c25bb66a}]
2010-05-29 23:43 2515552 ----a-w- c:\program files\FreeSavers2k\tbFre0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad55c869-668e-457c-b270-0cfb2f61116f}]
2010-05-17 09:36 2515552 ----a-w- c:\program files\livetvbar\tbliv1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 15:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ad55c869-668e-457c-b270-0cfb2f61116f}"= "c:\program files\livetvbar\tbliv1.dll" [2010-05-17 2515552]
"{89d18ea5-ab30-4324-8784-3f14c25bb66a}"= "c:\program files\FreeSavers2k\tbFre0.dll" [2010-05-29 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]
[HKEY_CLASSES_ROOT\clsid\{89d18ea5-ab30-4324-8784-3f14c25bb66a}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AD55C869-668E-457C-B270-0CFB2F61116F}"= "c:\program files\livetvbar\tbliv1.dll" [2010-05-17 2515552]
"{89D18EA5-AB30-4324-8784-3F14C25BB66A}"= "c:\program files\FreeSavers2k\tbFre0.dll" [2010-05-29 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
[HKEY_CLASSES_ROOT\clsid\{ad55c869-668e-457c-b270-0cfb2f61116f}]
[HKEY_CLASSES_ROOT\clsid\{89d18ea5-ab30-4324-8784-3f14c25bb66a}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2006-04-24 40960]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer" [X]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\Compaq_Propri?taire\Menu D?marrer\Programmes\D?marrage
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Outil de d?tection de support PMB.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-24 333088]
c:\documents and settings\All Users\Menu D?marrer\Programmes\D?marrage
Ovi Files Connector.lnk - c:\program files\Ovi Files\Ovi Files_agent.exe [2009-11-19 1447280]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"=
"c:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"=
"c:\Program Files\CyberLink\PCM4Everio\EverioService.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\TVAnts\Tvants.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"=
"c:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"=
"c:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"=
"c:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Shareaza\Shareaza.exe"=
R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [18/04/2010 12:55 19572]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26/08/2010 20:43 38224]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [14/03/2010 18:27 583552]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/04/2007 03:06 639224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-08-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 15:52]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 21:01]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 21:01]
2010-08-27 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
2010-08-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-06-10 15:28]
2010-08-27 c:\windows\Tasks\User_Feed_Synchronization-{99A1717A-339F-4054-B124-428CEA8FF8A5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = search.conduit.com…
mWindow Title =
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - favorites.live.com…
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{725EC34E-943C-4df6-B0B2-FBDE7F242276} - c:\program files\PartyFrance\PartyPokerFr\RunApp.exe
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - dl.google.com…
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - safe.tele2.com…
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\ar691trw.default
FF - prefs.js: browser.search.defaulturl - search.conduit.com…
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - fr.start3.mozilla.com…
FF - prefs.js: keyword.URL - redirecterror.sfr.fr…
FF - component: c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\ar691trw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\ar691trw.default\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\ar691trw.default\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\ar691trw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - redirecterror.sfr.fr…
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-Ovi Files Update - c:\program files\Ovi Files\updater.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-HijackThis - c:\documents and settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\CAU2GHCK\HijackThis.exe
AddRemove-idehje - c:\documents and settings\compaq_propriétaire\local settings\application data\idehje.exe
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2010-08-27 17:57
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés …
Recherche d'éléments en démarrage automatique cachés …
Recherche de fichiers cachés …
Scan terminé avec succès
Fichiers cachés: 0
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|ù9~*]
“C040110900063D11C8EF10054038389C”=“C?\WINDOWS\system32\FM20ENU.DLL”
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-08-27 18:07:24
ComboFix-quarantined-files.txt 2010-08-27 16:07
Avant-CF: 37 432 807 424 octets libres
Après-CF: 37 946 441 728 octets libres
- - End Of File - - EF9BD59609C53B900C1F2B77832DFDB8