Everything posted by bob schaffoin

  1. Thanks for your replies, and sorry for the delay in mine... In fact, I had been away on holiday for 3 weeks, and it was during my trip that I was asked to take a look at the infected PC... I only had one short day to try to do something on that PC. Not knowing how long the "experts" on this forum take to reply, and before advising the owners to format everything, I decided to try to repair what I could after reading a number of your posts. I realized, after posting in this forum, that the pop-ups were being displayed by the webcam software. Since I am no longer on site, I have no report to give you. Thanks anyway. +
  2. Hello,

     I have just spent a day on a PC running avast that was somewhat infected:
     - DNS changer
     - Kaspersky online freezing (even after fixing the DNS problem that was preventing the database download)
     - reboot when AntiVir is launched
     - exoclick and co.
     - ComboFix not launching unless the executable is renamed
     ...

     After cleaning up a bit with ComboFix, AntiVir (97 viruses found...), MBAM and Process Explorer, the various scanners (ComboFix, AntiVir, MBAM, Kaspersky online, ToolbarSD and RootkitRevealer) detect no problem.... but, because there is a but, every time I launch my renamed ComboFix, 3 strange pop-ups appear:
     - Confirmation : Are you sure you want to exit the watching service ? oui | non
     - Control : Are you Sure To exit The System ? oui | non
     - VideoProxy : Are you Sure To exit The System ? oui | non

     Here is the ComboFix log; what do you think of it?

     Thanks,

     ---------------------------------------------------------------------------------------------------------
     ComboFix 09-08-09.04 - Jean-Jacques 10/08/2009 19:43.3.1 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.292 [GMT 2:00]
     Running from: d:\mes documents\Téléchargements\cfx.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     ((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
     .
     2009-08-10 17:39 . 2009-08-10 17:40 -------- d-s---w- C:\ndis
     2009-08-07 17:55 . 2009-08-07 17:58 -------- d-----w- C:\ToolBar SD
     2009-08-07 12:55 . 2009-08-07 12:55 -------- d-----w- c:\documents and settings\Jean-Jacques\Application Data\Malwarebytes
     2009-08-07 12:55 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-08-07 12:55 . 2009-08-07 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-08-07 12:55 . 2009-08-07 12:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-08-07 12:55 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-08-07 05:24 . 2009-08-07 05:24 -------- d-----w- c:\program files\Fichiers communs\Windows Live
     2009-08-06 21:54 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2009-08-06 21:54 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2009-08-06 21:54 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2009-08-06 21:54 . 2009-08-06 21:54 -------- d-----w- c:\program files\Avira
     2009-08-06 21:54 . 2009-08-06 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2009-08-06 21:22 . 2009-08-06 21:22 -------- d-sh--w- c:\documents and settings\Jean-Jacques\IECompatCache
     2009-08-06 21:20 . 2009-08-06 21:20 -------- d-sh--w- c:\documents and settings\Jean-Jacques\PrivacIE
     2009-08-06 21:19 . 2009-08-06 21:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
     2009-08-06 21:19 . 2009-08-06 21:19 -------- d-sh--w- c:\documents and settings\Jean-Jacques\IETldCache
     2009-08-06 21:16 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
     2009-08-06 21:16 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
     2009-08-06 21:16 . 2009-08-06 21:16 -------- d-----w- c:\windows\ie8updates
     2009-08-06 21:16 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
     2009-08-06 21:15 . 2009-08-06 21:16 -------- dc-h--w- c:\windows\ie8
     2009-08-05 13:30 . 2009-08-05 13:30 -------- d-----w- c:\program files\CCleaner
     2009-08-05 13:08 . 2009-08-05 13:08 -------- d-----w- c:\windows\Sun
     2009-08-05 13:07 . 2009-08-05 13:07 411368 ----a-w- c:\windows\system32\deploytk.dll
     2009-08-05 13:07 . 2009-08-05 13:07 -------- d-----w- c:\program files\Java
     2009-08-05 13:06 . 2009-08-05 13:06 152576 ----a-w- c:\documents and settings\Jean-Jacques\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
     2009-08-05 10:49 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-07-31 06:05 . 2009-07-31 06:05 -------- d-----w- c:\documents and settings\Jean-Jacques\Local Settings\Application Data\Ahead
     2009-07-31 06:05 . 2009-07-31 06:05 -------- d-----w- c:\documents and settings\Jean-Jacques\Application Data\Ahead
     2009-07-31 06:04 . 2009-07-31 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
     2009-07-31 06:04 . 2009-07-31 06:04 -------- d-----w- c:\program files\Fichiers communs\Ahead
     2009-07-31 06:04 . 2009-07-31 06:04 -------- d-----w- c:\program files\Nero
     2009-07-31 06:04 . 2009-07-31 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-10 14:11 . 2008-08-08 20:05 -------- d-----w- c:\documents and settings\Jean-Jacques\Application Data\skypePM
     2009-08-07 13:20 . 2004-12-14 21:22 -------- d-----w- c:\program files\Fichiers communs\Adobe
     2009-08-07 05:55 . 2008-08-08 20:03 -------- d-----w- c:\documents and settings\Jean-Jacques\Application Data\Skype
     2009-08-06 09:56 . 2008-08-26 18:44 -------- d-----w- c:\program files\Photodex Presenter
     2009-08-06 09:56 . 2006-10-11 11:44 -------- d-----w- c:\program files\HQVideoCodec
     2009-08-04 20:54 . 2009-08-04 21:09 214384 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1036.dat
     2009-07-29 20:19 . 2009-01-01 21:33 -------- d-----w- c:\program files\MappySynchro
     2009-07-03 16:57 . 2004-12-14 21:36 915456 ----a-w- c:\windows\system32\wininet.dll
     2009-06-19 09:36 . 2009-06-19 09:36 -------- d-----w- c:\program files\Fichiers communs\xing shared
     2009-06-19 09:36 . 2005-01-15 11:27 -------- d-----w- c:\program files\Fichiers communs\Real
     2009-06-16 14:40 . 2001-08-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
     2009-06-16 14:40 . 2001-08-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
     2009-06-03 19:10 . 2004-12-14 21:23 1297408 ----a-w- c:\windows\system32\quartz.dll
     2006-02-08 14:06 . 2006-02-08 14:06 5239328 ----a-w- c:\program files\Firefox Setup 1.5.0.1.exe
     2006-01-23 09:59 . 2006-01-23 09:59 26958 ----a-w- c:\program files\MovieLand Terms.html
     2004-03-11 12:27 . 2004-12-15 19:45 40960 ----a-w- c:\program files\Uninstall_CDS.exe
     2003-10-14 12:03 . 2005-09-03 09:05 1019904 ----a-w- c:\program files\SDViewerDSC.exe
     2003-10-09 11:59 . 2005-09-03 09:05 524288 ----a-w- c:\program files\DVFPreview.exe
     2002-10-31 17:13 . 2005-09-03 09:05 225280 ----a-w- c:\program files\CardBackup.dll
     2002-10-31 16:39 . 2005-09-03 09:05 217088 ----a-w- c:\program files\ResizeImage.dll
     2002-10-25 08:10 . 2005-09-03 09:05 175616 ----a-w- c:\program files\ExifThumb.dll
     2002-10-24 09:59 . 2005-09-03 09:05 356352 ----a-w- c:\program files\rsrcBase.dll
     2002-10-23 09:33 . 2005-09-03 09:05 524288 ----a-w- c:\program files\SlideShow.exe
     2002-10-23 08:02 . 2005-09-03 09:05 1351680 ----a-w- c:\program files\EasyPrintPreview.dll
     2002-10-23 07:50 . 2005-09-03 09:05 3633152 ----a-w- c:\program files\PrintPreview.dll
     2002-10-08 11:12 . 2005-09-03 09:05 8550 ----a-w- c:\program files\Readme.txt
     2002-10-07 17:29 . 2005-09-03 09:05 65536 ----a-w- c:\program files\CheckImg.dll
     2002-09-18 08:13 . 2005-09-03 09:05 200704 ----a-w- c:\program files\ImgConv.dll
     2002-09-13 18:14 . 2005-09-03 09:05 229376 ----a-w- c:\program files\ScrSamp.bin
     2002-09-13 14:49 . 2005-09-03 09:05 61440 ----a-w- c:\program files\PScrMkr.dll
     2002-09-13 08:14 . 2005-09-03 09:05 5861376 ----a-w- c:\program files\Resource.dll
     2002-08-30 18:04 . 2005-09-03 09:05 122880 ----a-w- c:\program files\QTAPI.dll
     2002-08-07 18:34 . 2005-09-03 09:05 53248 ----a-w- c:\program files\CLEANTEMP.exe
     2002-08-01 11:05 . 2005-09-03 09:05 86016 ----a-w- c:\program files\MjThumb.dll
     2002-06-26 15:31 . 2005-09-03 09:05 339968 ----a-w- c:\program files\AlbumBase.dll
     2002-05-30 13:27 . 2005-09-03 09:05 208896 ----a-w- c:\program files\PanaJpeg.dll
     2002-04-25 18:32 . 2005-09-03 09:05 61440 ----a-w- c:\program files\Rotation.dll
     2002-04-16 11:06 . 2005-09-03 09:05 73728 ----a-w- c:\program files\DvSerCom.dll
     2001-07-11 19:53 . 2005-09-03 09:05 65536 ----a-w- c:\program files\GrabMgr.dll
     2001-06-04 17:58 . 2005-09-03 09:05 61440 ----a-w- c:\program files\PanaGrab.ax
     2001-04-20 09:13 . 2005-09-03 09:05 196664 ----a-w- c:\program files\firsttex.bmp
     2001-02-06 09:02 . 2005-09-03 09:05 262232 ----a-w- c:\program files\Decorg32.dll
     2000-12-01 11:31 . 2005-09-03 09:05 85292 ----a-w- c:\program files\dooropen.wav
     2000-05-30 13:02 . 2005-09-03 09:05 10752 ----a-w- c:\program files\TTLCodec.dll
     1999-11-15 14:54 . 2005-09-03 09:05 64512 ----a-w- c:\program files\Mkdcdif.dll
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-08-07_12.44.38 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-08-10 14:11 . 2009-08-10 14:11 16384 c:\windows\Temp\Perflib_Perfdata_824.dat
     + 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
     + 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
     + 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
     + 2009-08-07 13:20 . 2009-08-07 13:20 3967488 c:\windows\Installer\780ab.msi
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-31 21738792]
     "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
     "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
     "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
     "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
     "WatchingService"="c:\program files\d-link d-viewcam\exes\wdsvc.exe" [2007-05-11 69632]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
     "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-06-19 198160]
     "NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-05 149280]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     c:\documents and settings\Jean-Jacques\Menu D‚marrer\Programmes\D‚marrage\
     desktop(2).ini [2004-12-14 84]

     c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
     desktop(2).ini [2004-12-14 84]

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
     backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\eMule\\emule.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\livecall.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
     "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
     "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
     "c:\\Program Files\\D-Link D-ViewCam\\Exes\\Admin.exe"=
     "c:\\Program Files\\D-Link D-ViewCam\\Exes\\Monitor.exe"=
     "c:\\Program Files\\D-Link D-ViewCam\\Exes\\MediaViewer.exe"=
     "c:\\Program Files\\D-Link D-ViewCam\\Exes\\Control.exe"=
     "c:\\Program Files\\D-Link D-ViewCam\\Exes\\VideoProxy.exe"=
     "c:\\Program Files\\D-Link D-ViewCam\\Exes\\WDSvc.exe"=
     "c:\\Program Files\\D-Link\\D-Link Setup Wizard.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
     "21:TCP"= 21:TCP:UniSVR FTP
     "8000:TCP"= 8000:TCP:UniSVR UniArgus-Port1
     "8001:TCP"= 8001:TCP:UniSVR UniArgus-Port2

     R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [29/12/2004 20:20 4064]
     R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [06/08/2009 23:54 108289]
     R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [11/10/2005 11:45 21344]
     S2 gupdate1c9a009f0f7be0c;Google Update Service (gupdate1c9a009f0f7be0c);c:\program files\Google\Update\GoogleUpdate.exe [08/03/2009 18:21 133104]
     S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [28/11/2002 21:23 39048]
     S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
     S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
     S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]
     S3 ids0015d;ids0015d;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys [?]
     S3 ids00180;ids00180;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys [?]
     S3 ids0018a;ids0018a;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys [?]
     S3 ids00196;ids00196;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys [?]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - RKREVEAL150

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.tv66.fr/
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mWindow Title =
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     Trusted Zone: maris.com\www.redshift
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     DPF: {EFFDEEEC-F9E1-4461-91D2-DAEB8CC595F1} - hxxp://88.165.199.184/CSViewer.cab
     FF - ProfilePath - c:\documents and settings\Jean-Jacques\Application Data\Mozilla\Firefox\Profiles\47pgp284.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.tv66.fr/
     FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
     FF - plugin: c:\documents and settings\Jean-Jacques\Application Data\Mozilla\plugins\npPxPlay.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
     .

     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-08-10 19:49
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     c:\docume~1\JEAN-J~1\LOCALS~1\Temp\Perflib_Perfdata_a20.dat 16384 bytes

     scan completed successfully
     hidden files: 1

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(932)
     c:\windows\System32\wbem\fastprox.dll

     - - - - - - - > 'explorer.exe'(3464)
     c:\windows\system32\webcheck.dll
     c:\windows\system32\eappprxy.dll
     .
     Completion time: 2009-08-10 19:51
     ComboFix-quarantined-files.txt 2009-08-10 17:51
     ComboFix2.txt 2009-08-07 17:43
     ComboFix3.txt 2009-08-07 12:47

     Pre-Run: 39 684 558 848 octets libres
     Post-Run: 39 760 355 328 octets libres

     260 --- E O F --- 2009-08-05 19:45