Resultats googles redirigés.
Forum Sécurité - Virus : Resultats googles redirigés.
ComboFix 09-08-20.07 - Vincent 22/08/2009 0:36.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.990.493 [GMT 2:00]
Running from: c:\documents and settings\Vincent\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090821-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Vincent\LOCALS~1\Temp\1.wmv
c:\documents and settings\Vincent\eula.txt
c:\windows\010112010146120114.xe
c:\windows\0101120101464949.xe
c:\windows\Installer\20cf603.msi
c:\windows\Installer\20cf604.msp
c:\windows\Installer\20cf605.msp
c:\windows\Installer\20cf606.msp
c:\windows\Installer\20cf607.msp
c:\windows\Installer\20cf608.msp
c:\windows\Installer\20cf609.msp
c:\windows\Installer\20cf60a.msp
c:\windows\Installer\20cf60b.msp
c:\windows\Installer\20cf60c.msp
c:\windows\Installer\3d7785f.msi
c:\windows\Installer\3d77860.msp
c:\windows\Installer\3d77861.msp
c:\windows\Installer\3d77862.msp
c:\windows\Installer\3d77863.msp
c:\windows\Installer\3d77864.msp
c:\windows\Installer\3d77865.msp
c:\windows\Installer\3d77866.msp
c:\windows\Installer\3d77867.msp
c:\windows\Installer\3d77868.msp
c:\windows\pack.epk
c:\windows\prxid93ps.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
-------\Service_SfX
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.
2009-08-20 20:28 . 2009-08-20 20:28 -------- d-----w- c:\documents and settings\Nadine Claude\Application Data\Malwarebytes
2009-08-20 10:17 . 2009-08-20 10:17 -------- d-----w- c:\documents and settings\Vincent\Application Data\Malwarebytes
2009-08-20 10:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 10:17 . 2009-08-20 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-20 10:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 20:19 . 2009-08-19 20:19 38016 ----a-w- c:\windows\system32\drivers\DnsFilter.sys
2009-08-19 20:19 . 2009-08-19 20:19 -------- d-----w- c:\program files\DDnsFilter
2009-08-15 18:44 . 2009-08-15 18:44 152576 ----a-w- c:\documents and settings\Vincent\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 02:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-23 17:29 . 2009-07-23 18:28 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 09:45 . 2009-03-25 19:38 1 ----a-w- c:\documents and settings\Vincent\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-19 17:57 . 2009-04-25 18:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-15 18:45 . 2007-05-02 15:54 -------- d-----w- c:\program files\Java
2009-08-05 09:00 . 2004-08-03 22:54 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 07:09 . 2008-12-17 14:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 03:23 . 2008-12-21 08:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 14:51 . 2009-01-28 17:25 -------- d-----w- c:\program files\LG PC Suite II
2009-07-19 14:05 . 2009-03-08 12:44 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-07-19 14:04 . 2009-03-08 12:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-07-18 19:08 . 2007-08-09 19:09 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-17 19:03 . 2004-08-03 22:54 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-03 22:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 15:36 . 2008-08-06 06:42 -------- d-----w- c:\documents and settings\Vincent\Application Data\GigaTribe
2009-06-29 16:15 . 2009-06-29 16:11 -------- d-----w- c:\documents and settings\Vincent\Application Data\eMule
2009-06-29 16:15 . 2007-04-21 16:55 -------- d-----w- c:\program files\eMule
2009-06-26 16:50 . 2004-08-03 22:54 670720 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-03 22:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:26 . 2004-08-03 22:54 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-03 22:54 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-03 22:54 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-03 22:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-03 22:54 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-03 22:54 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-03 20:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-19 15:26 . 2009-06-19 15:22 0 ----a-w- c:\documents and settings\Vincent\errorlog.tmp
2009-06-16 14:40 . 2004-08-03 22:54 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2002-09-07 00:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-03 22:55 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-03 22:55 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-13 09:47 . 2007-04-21 16:50 82760 ----a-w- c:\documents and settings\Nadine Claude\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 06:54 . 2007-04-22 17:13 82760 ----a-w- c:\documents and settings\Vincent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 14:14 . 2004-08-03 22:54 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2007-04-21 15:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-03 22:54 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-03 22:54 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 15:07 . 2009-06-01 15:07 30544 ----a-w- c:\windows\dirdib.drv
2009-06-01 15:07 . 2009-06-01 15:07 30272 ----a-w- c:\windows\macromix.dll
2008-09-24 05:30 . 2007-04-22 15:03 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RocketDock"="e:\logiciels\RocketDock\RocketDock.exe" [2007-03-18 630784]
"DAEMON Tools"="e:\logiciels\DAEMON Tools\daemon.exe" [2007-08-16 167368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"MsgCenterExe"="c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2009-01-05 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nadine Claude\Menu D‚marrer\Programmes\D‚marrage\
GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-8-6 1070592]
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]
c:\documents and settings\Vincent\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"e:\\Vincent\\Jeux\\ET\\ET.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Vincent\\Jeux\\SCDA\\SCDA-Offline\\System\\SplinterCell4.exe"=
"e:\\Vincent\\Jeux\\MoH Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"e:\\Vincent\\Jeux\\SCDA\\SCDA-Online\\System\\SCDA_Online.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"e:\\Vincent\\Jeux\\Jeux gratuits\\CS2D\\CounterStrike2D.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Logiciels\\realplay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8085:TCP"= 8085:TCP
dnsfilter
R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [04/08/2004 00:55 14336]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 09:52 114768]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [19/08/2009 22:19 38016]
R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [09/02/2009 20:35 19572]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 09:52 20560]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S3 f0c4d720-6651-423d-994c-a92e07bbd311;f0c4d720-6651-423d-994c-a92e07bbd311;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/04/2007 17:03 29744]
S3 Lbrteidsd;Lbrteidsd; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contents of the 'Scheduled Tasks' folder
2007-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
2009-08-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-21 20:18]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-DAEMON Tools - e:\daemon tools\daemon.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.cherche.us/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: chat-land.org
FF - ProfilePath - c:\documents and settings\Vincent\Application Data\Mozilla\Firefox\Profiles\znf49akl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr
fficial
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA3&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npSton3D.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: e:\logiciels\Netscape6\nppl3260.dll
FF - plugin: e:\logiciels\Netscape6\nprjplug.dll
FF - plugin: e:\logiciels\Netscape6\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess" );
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35" );
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json" );
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 00:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-329068152-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:aa,a5,c3,d5,00,7d,79,cd,fe,44,80,c6,bf,1f,b3,fd,d6,fa,4f,8f,7a,ae,21,
cf,d0,27,4d,2f,eb,65,de,6b,9e,a3,49,2a,68,9c,7a,b9,a2,55,7f,4e,5b,45,62,6a,\
"??"=hex:8c,f2,20,ec,36,39,b9,15,1e,98,95,cc,4f,3c,42,3c
[HKEY_USERS\S-1-5-21-1659004503-329068152-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:56,c3,c3,6b,b8,04,af,25,1d,e4,1b,99,be,14,23,22,44,09,b4,68,4d,
69,0a,79,a9,84,6e,69,76,52,7a,27,b1,be,6a,12,dc,2a,99,6c,51,72,f7,5b,da,4f,\
"rkeysecu"=hex:64,95,f4,76,bf,69,0f,9e,1b,16,fb,3d,58,55,9f,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3844)
e:\logiciels\RocketDock\RocketDock.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-08-21 0:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 22:49
Pre-Run: 19 819 380 736 octets libres
Post-Run: 21 765 283 840 octets libres
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
307 --- E O F --- 2009-08-20 07:17
Voilà !
/!\ Seul Eliod peut suivre cette procédure /!\
Désactive toute protection résidente (Antivirus...) !
---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :
KillAll::
|
---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.
- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.
---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
- Cela va relancer Combofix : au message qui apparaît, accepte.
- Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
- Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
Combofix a trouvé et supprimé les problèmes ! Merci, je te met quand même le rapport au cas où mais mes résultats google s'affichent sans problèmes maintenant !
Voilà :
ComboFix 09-08-20.07 - Vincent 22/08/2009 1:39.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.990.580 [GMT 2:00]
Running from: c:\documents and settings\Vincent\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Vincent\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090821-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\drivers\DnsFilter.sys"
"c:\windows\system32\drivers\soqwx32.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\system32\drivers\DnsFilter.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DDNSFILTER
-------\Legacy_DNSFILTER
-------\Service_ddnsfilter
-------\Service_DnsFilter
-------\Service_f0c4d720-6651-423d-994c-a92e07bbd311
-------\Service_Lbrteidsd
-------\Service_SfX
-------\Service_soqwx32
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.
2009-08-20 20:28 . 2009-08-20 20:28 -------- d-----w- c:\documents and settings\Nadine Claude\Application Data\Malwarebytes
2009-08-20 10:17 . 2009-08-20 10:17 -------- d-----w- c:\documents and settings\Vincent\Application Data\Malwarebytes
2009-08-20 10:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 10:17 . 2009-08-20 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-20 10:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 18:44 . 2009-08-15 18:44 152576 ----a-w- c:\documents and settings\Vincent\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 02:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-23 17:29 . 2009-07-23 18:28 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 09:45 . 2009-03-25 19:38 1 ----a-w- c:\documents and settings\Vincent\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-19 17:57 . 2009-04-25 18:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-15 18:45 . 2007-05-02 15:54 -------- d-----w- c:\program files\Java
2009-08-05 09:00 . 2004-08-03 22:54 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 07:09 . 2008-12-17 14:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 03:23 . 2008-12-21 08:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 14:51 . 2009-01-28 17:25 -------- d-----w- c:\program files\LG PC Suite II
2009-07-19 14:05 . 2009-03-08 12:44 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-07-19 14:04 . 2009-03-08 12:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-07-18 19:08 . 2007-08-09 19:09 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-17 19:03 . 2004-08-03 22:54 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-03 22:54 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-06 15:36 . 2008-08-06 06:42 -------- d-----w- c:\documents and settings\Vincent\Application Data\GigaTribe
2009-06-29 16:15 . 2009-06-29 16:11 -------- d-----w- c:\documents and settings\Vincent\Application Data\eMule
2009-06-29 16:15 . 2007-04-21 16:55 -------- d-----w- c:\program files\eMule
2009-06-26 16:50 . 2004-08-03 22:54 670720 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-03 22:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:26 . 2004-08-03 22:54 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-03 22:54 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-03 22:54 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-03 22:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-03 22:54 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-03 22:54 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-03 20:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-19 15:26 . 2009-06-19 15:22 0 ----a-w- c:\documents and settings\Vincent\errorlog.tmp
2009-06-16 14:40 . 2004-08-03 22:54 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2002-09-07 00:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-03 22:55 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-03 22:55 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-13 09:47 . 2007-04-21 16:50 82760 ----a-w- c:\documents and settings\Nadine Claude\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 06:54 . 2007-04-22 17:13 82760 ----a-w- c:\documents and settings\Vincent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 14:14 . 2004-08-03 22:54 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2007-04-21 15:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-03 22:54 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-03 22:54 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 15:07 . 2009-06-01 15:07 30544 ----a-w- c:\windows\dirdib.drv
2009-06-01 15:07 . 2009-06-01 15:07 30272 ----a-w- c:\windows\macromix.dll
2008-09-24 05:30 . 2007-04-22 15:03 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-21_22.45.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 23:44 . 2009-08-21 23:44 16384 c:\windows\Temp\Perflib_Perfdata_f4.dat
+ 2009-08-21 23:44 . 2009-08-21 23:44 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RocketDock"="e:\logiciels\RocketDock\RocketDock.exe" [2007-03-18 630784]
"DAEMON Tools"="e:\logiciels\DAEMON Tools\daemon.exe" [2007-08-16 167368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-28 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"MsgCenterExe"="c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2009-01-05 69632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nadine Claude\Menu D‚marrer\Programmes\D‚marrage\
GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-8-6 1070592]
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]
c:\documents and settings\Vincent\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-5-4 2913840]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"e:\\Vincent\\Jeux\\ET\\ET.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Vincent\\Jeux\\SCDA\\SCDA-Offline\\System\\SplinterCell4.exe"=
"e:\\Vincent\\Jeux\\MoH Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"e:\\Vincent\\Jeux\\SCDA\\SCDA-Online\\System\\SCDA_Online.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"e:\\Vincent\\Jeux\\Jeux gratuits\\CS2D\\CounterStrike2D.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Logiciels\\realplay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8085:TCP"= 8085:TCPdnsfilter
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 09:52 114768]
R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [09/02/2009 20:35 19572]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 09:52 20560]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/04/2007 17:03 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2007-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
2009-08-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-21 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.cherche.us/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: chat-land.org
FF - ProfilePath - c:\documents and settings\Vincent\Application Data\Mozilla\Firefox\Profiles\znf49akl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:frfficial
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA3&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npSton3D.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: e:\logiciels\Netscape6\nppl3260.dll
FF - plugin: e:\logiciels\Netscape6\nprjplug.dll
FF - plugin: e:\logiciels\Netscape6\nprpjplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess" );
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35" );
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json" );
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 01:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-329068152-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:aa,a5,c3,d5,00,7d,79,cd,fe,44,80,c6,bf,1f,b3,fd,d6,fa,4f,8f,7a,ae,21,
cf,d0,27,4d,2f,eb,65,de,6b,9e,a3,49,2a,68,9c,7a,b9,a2,55,7f,4e,5b,45,62,6a,\
"??"=hex:8c,f2,20,ec,36,39,b9,15,1e,98,95,cc,4f,3c,42,3c
[HKEY_USERS\S-1-5-21-1659004503-329068152-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:56,c3,c3,6b,b8,04,af,25,1d,e4,1b,99,be,14,23,22,44,09,b4,68,4d,
69,0a,79,a9,84,6e,69,76,52,7a,27,b1,be,6a,12,dc,2a,99,6c,51,72,f7,5b,da,4f,\
"rkeysecu"=hex:64,95,f4,76,bf,69,0f,9e,1b,16,fb,3d,58,55,9f,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2120)
e:\logiciels\RocketDock\RocketDock.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-08-21 1:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 23:50
ComboFix2.txt 2009-08-21 22:49
Pre-Run: 21 782 671 360 octets libres
Post-Run: 21 657 366 528 octets libres
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
280 --- E O F --- 2009-08-20 07:17
