Powaaa

Members
  • Content count: 21
  • Languages: French

Powaaa's Achievements

Member (4/12)

Community reputation: 1

  1. Very good. Here are all the links in order: C:\AdwCleaner[R1].txt http://cjoint.com/?CJusfUoOoWS C:\AdwCleaner[s1].txt http://cjoint.com/?CJusg6TjKya Jrt.txt http://cjoint.com/?CJuswKV7d8R MBAM http://cjoint.com/?CJvs7KX90xm ZhpDiag.txt http://cjoint.com/?CJvtkEtddNV I should mention that the ads have stopped appearing. Thanks for the help.
  2. Thanks a lot. Here is the link. http://cjoint.com/?CJujG5kOPI8
  3. Hello. So here is my problem. For the past few days, I have noticed that every time I open a web page in Firefox, a sort of small advertising window appears at the bottom right of the page... Could someone advise me so that I can get rid of this problem? I should mention that I am not good with computers. Thank you in advance.
  4. Well, here goes. Hello everyone. My problem is this: sometimes, when I am working on the computer, whether I am on the internet or not, a small black window opens by itself and disappears almost immediately. Sometimes I don't even have time to close this window before it has already disappeared. I think the name of the window is trangex or something like that... If it reappears I will tell you the exact name. Also, I am on Windows 7 and my antivirus is avast (free version)... My antivirus doesn't detect any virus during scans, but is all that really reliable? It's nothing too bothersome for now, but I'm afraid my system will crash if things get worse. All the more so since the end-of-year assignments are approaching^^. So to start with, could someone tell me how to check for the potential presence of viruses on my computer (other than through an avast scan)???????????? By the way, I'm useless with computers, so there you go. Thank you in advance.
  5. This story about a telepathic marabout is a real pack of nonsense. I can't believe that in the 21st century people are still being taken for fools. Everyone knows that to make a computer feel better, you have to daub the screen with holy water every Sunday before noon.
  6. Thanks^^. My problem is solved (for now?) I followed your advice. I disabled the add-on with the not-unknown publisher name, and I quote: java plug-in 1.6.0_14.
  7. Hello!!!! Here is my situation. For the past few days, when I click on the IE tab, the page starts loading normally, then an "Internet Explorer has stopped working" window appears. After that, here is what happens, in order: -Windows searches for a solution. -Windows offers me "close the program". -I click close. -The page reloads because IE has recovered the tab. And then we are back to the beginning. An "Internet Explorer has stopped working" window appears. And the same vicious circle starts again. Meanwhile, firefox and msn keep working normally. So what could be the problem with my browser??? Also, I uninstalled internet explorer and installed another version to see if the problem would get better. But no, not at all. So I was thinking that maybe I had been infected by a virus. How can I check whether that is the case? And if it is, how do I eradicate it before it seriously affects my other programs????? Thanks in advance for your help.
  8. Helloooooo!!!!!!!!! I'm posting here again for nothing, but oh well. Just to say thank you for your efforts, Falkra. But my computer at the time stopped working (hence my long absence). In the end I preferred to replace it because my graphics card no longer worked. That kind of settles the virus problems, as a result. Now I have a slight problem with my new computer and internet explorer. I don't know whether I should create a new topic given that the machine is different. I'll see. Anyway, thanks again. See you.
  9. Sorry for the delay. So I did what you told me, but the scan only lasted a few seconds. So I hope I followed your instructions correctly. Thanks for your help, here it is!!!: ROOTREPEAL © AD, 2007-2009 Scan Start Time: 2010/03/17 22:27 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP1
  10. GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-07 22:58:54 Windows 6.0.6001 Service Pack 1 Running: 5rc7i8vj.exe; Driver: C:\Users\ETIENNE\AppData\Local\Temp\kgloyaow.sys
  11. GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-07 09:47:47 Windows 6.0.6001 Service Pack 1 Running: 5rc7i8vj.exe; Driver: C:\Users\ETIENNE\AppData\Local\Temp\kgloyaow.sys
(*** hidden *** ) -2019336008 Process (*** hidden *** ) -2019320320 Process (*** hidden *** ) -2019281656 Process (*** hidden *** ) -2019185152 Process (*** hidden *** ) -2019169792 Process (*** hidden *** ) -2019141616 Process (*** hidden *** ) -2019127112 Process (*** hidden *** ) -2019117048 Process (*** hidden *** ) -2019086848 Process (*** hidden *** ) -2019084584 Process (*** hidden *** ) -2019082056 Process (*** hidden *** ) -2019077960 Process (*** hidden *** ) -2019035936 Process (*** hidden *** ) -2019029992 Process (*** hidden *** ) -2019017216 Process (*** hidden *** ) -2018994328 Process (*** hidden *** ) -2018973376 Process (*** hidden *** ) -2018962088 Process (*** hidden *** ) -2018946888 Process (*** hidden *** ) -2018875448 Process (*** hidden *** ) -2018840392 Process (*** hidden *** ) -2018810072 Process (*** hidden *** ) -2018766664 Process (*** hidden *** ) -2018733896 Process (*** hidden *** ) -2018656072 Process (*** hidden *** ) -2018248400 ---- EOF - GMER 1.0.15 ----
  12. ComboFix 10-03-02.08 - ETIENNE 04/03/2010 13:40:35.2.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.1300 [GMT -7:00] Lancé depuis: c:\users\ETIENNE\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\ETIENNE\Desktop\CFscript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\bohumoye c:\programdata\bohumoye\bohumoye.dll c:\programdata\doguvuvo c:\programdata\fimohinu c:\programdata\gomuzidi c:\programdata\gukowema c:\programdata\hinuhilu c:\programdata\jopafuyi c:\programdata\mamotapi c:\programdata\nadusajo c:\programdata\nadusajo\nadusajo.dll c:\programdata\najihate c:\programdata\nihujoti c:\programdata\nihujoti\nihujoti.dll c:\programdata\nuruhola c:\programdata\pekiboba c:\programdata\pekiboba\pekiboba.dll c:\programdata\pohubeli c:\programdata\sapoviri c:\programdata\sulumetu c:\programdata\sulumetu\sulumetu.dll c:\programdata\tasurepa c:\programdata\wanisupa c:\programdata\wuvajepe c:\programdata\wuvajepe\wuvajepe.dll c:\programdata\yohilite c:\programdata\zazaliwu c:\programdata\zazaliwu\zazaliwu.dll c:\programdata\zofitemi c:\programdata\zofitemi\zofitemi.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 )))))))))))))))))))))))))))))))))))) . 2010-03-04 20:51 . 2010-03-04 20:51 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-03-04 20:51 . 2010-03-04 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-04 12:35 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-03-03 20:38 . 2010-03-04 20:55 -------- d-----w- c:\users\ETIENNE\AppData\Local\temp 2010-03-03 20:36 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-03-03 20:36 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-28 15:02 . 
2010-02-28 15:02 -------- d-----w- C:\_OTM 2010-02-27 19:43 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll 2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Malwarebytes 2010-02-27 17:12 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\programdata\Malwarebytes 2010-02-27 17:12 . 2010-02-27 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-27 17:12 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-26 19:51 . 2010-02-27 19:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-26 19:51 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-26 19:51 . 2010-02-26 19:51 -------- d-----w- c:\programdata\Avira 2010-02-26 19:51 . 2010-02-26 19:51 -------- d-----w- c:\program files\Avira 2010-02-18 20:25 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll 2010-02-18 20:25 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys 2010-02-18 20:22 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll 2010-02-18 20:22 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll 2010-02-18 20:22 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2010-02-18 20:22 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll 2010-02-18 20:22 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys 2010-02-18 20:22 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll 2010-02-18 20:22 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe 2010-02-18 20:22 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe 2010-02-18 20:22 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll 2010-02-18 20:22 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll 2010-02-18 15:14 . 
2010-02-18 15:14 -------- d-----w- C:\PerfLogs 2010-02-11 07:56 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-02-11 07:28 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-02-11 07:28 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys 2010-02-11 07:28 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll 2010-02-11 07:28 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll 2010-02-11 07:28 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll 2010-02-11 07:28 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll 2010-02-11 07:28 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll 2010-02-11 07:28 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2010-02-11 07:27 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll 2010-02-11 07:27 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll 2010-02-11 07:27 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll 2010-02-11 07:27 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll 2010-02-11 07:27 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-11 07:27 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-04 04:24 . 2006-03-12 23:37 678968 ----a-w- c:\windows\system32\perfh00C.dat 2010-03-04 04:24 . 2006-03-12 23:37 128004 ----a-w- c:\windows\system32\perfc00C.dat 2010-03-03 18:12 . 2008-04-05 10:01 -------- d-----w- c:\program files\Lx_cats 2010-02-27 18:06 . 2008-08-12 14:46 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\LimeWire 2010-02-24 16:16 . 2009-10-04 08:55 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-02-18 15:15 . 
2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-02-18 15:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-02-18 15:12 . 2006-03-12 15:25 -------- d-----w- c:\programdata\NVIDIA 2010-02-18 14:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2010-02-18 14:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2010-02-14 15:33 . 2006-03-12 15:42 -------- d-----w- c:\programdata\Microsoft Help 2010-01-23 04:44 . 2008-10-17 20:21 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-16 17:33 . 2009-08-22 16:23 -------- d-----w- c:\programdata\Messenger Plus! 2010-01-16 17:24 . 2010-01-16 17:24 -------- d-----w- c:\program files\Ask Search Assistant 2010-01-16 17:24 . 2009-08-22 16:14 -------- d-----w- c:\program files\Messenger Plus! Live 2010-01-13 14:39 . 2008-08-12 14:25 -------- d-----w- c:\program files\LimeWire 2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\programdata\PC Suite 2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\PC Suite 2010-01-08 16:33 . 2010-01-08 16:32 -------- d-----w- c:\program files\DIFX 2010-01-08 16:32 . 2006-03-12 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-08 16:32 . 2010-01-08 16:25 -------- d-----w- c:\program files\Samsung 2010-01-08 16:31 . 2010-01-08 16:27 -------- d-----w- c:\program files\PC Connectivity Solution 2010-01-08 16:29 . 2010-01-08 16:29 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Samsung 2010-01-08 16:28 . 
2010-01-08 16:28 -------- d-----w- c:\program files\MarkAny 2010-01-02 06:38 . 2010-01-25 04:29 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-25 04:29 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 06:32 . 2010-01-25 04:29 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 04:57 . 2010-01-25 04:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-06 12:37 . 2010-02-06 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2010-03-03 15:08 . 2006-03-12 15:30 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2010-03-03 15:08 . 2006-03-12 15:30 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2010-03-03 15:08 . 2006-03-12 15:30 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2010-03-03 15:08 . 2006-03-12 15:30 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2010-03-03 15:08 . 2006-03-12 15:30 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2006-03-12 23:42 . 2006-03-12 23:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Google Update"="c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-18 133104] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-03 102400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 861744] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-06 30192] "MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400] "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048] "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760] "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" 
[2007-05-04 312240] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-06 647520] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] c:\users\ETIENNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000] Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-4-29 155648] Outil de notification Live Search.lnk - c:\users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-1 143360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/02/2010 12:51 108289] R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [08/01/2010 09:29 233472] R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> 
c:\windows\system32\lxddcoms.exe -service [?] R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [25/04/2007 22:21 99248] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [08/01/2010 09:29 36608] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [12/03/2006 16:33 281088] S2 gupdate1c9e867306385d0;Service Google Update (gupdate1c9e867306385d0);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 11:30 133104] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/11/2009 14:17 54632] S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/03/2006 08:36 30192] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - FSUSBEXDISK . 
Contenu du dossier 'Tâches planifiées' 2010-03-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-03-12 15:13] 2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30] 2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30] 2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002Core.job - c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33] 2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002UA.job - c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33] 2008-05-16 c:\windows\Tasks\HDReg.job - c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14] 2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{7CCA24AB-1E15-44A7-B220-2BBF2EB9B2A5}.job - c:\windows\system32\msfeedssync.exe [2010-01-25 04:56] . . ------- Examen supplémentaire ------- . uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html FF - ProfilePath - c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll FF - component: c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("browser.safebrowsing.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\windows\system32\lxddcoms.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Windows Media Player\wmpnetwk.exe c:\users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Heure de fin: 2010-03-04 14:05:27 - La machine a redémarré ComboFix-quarantined-files.txt 2010-03-04 21:05 ComboFix2.txt 2010-03-03 20:38 Avant-CF: 14 683 693 056 octets libres Après-CF: 14 548 418 560 octets libres - - End Of File - - EC17457E00A917E60E1E6805B7E40AF6
  13. ComboFix 10-03-02.08 - ETIENNE 03/03/2010 13:21:25.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2038.873 [GMT -7:00] Lancé depuis: c:\users\ETIENNE\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-37189480-250429832-724886619-500 c:\users\ETIENNE\heuwo.exe c:\users\ETIENNE\hiadae.exe c:\users\ETIENNE\joooc.exe c:\users\ETIENNE\koasaq.exe c:\users\ETIENNE\naauviw.exe c:\users\ETIENNE\swjoub.exe c:\users\ETIENNE\tajax.exe c:\users\ETIENNE\yeegap.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-03 au 2010-03-03 )))))))))))))))))))))))))))))))))))) . 2010-03-03 20:34 . 2010-03-03 20:34 -------- d-----w- c:\users\ETIENNE\AppData\Local\temp 2010-03-03 20:34 . 2010-03-03 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-28 15:02 . 2010-02-28 15:02 -------- d-----w- C:\_OTM 2010-02-27 19:43 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll 2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Malwarebytes 2010-02-27 17:12 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-27 17:12 . 2010-02-27 17:12 -------- d-----w- c:\programdata\Malwarebytes 2010-02-27 17:12 . 2010-02-27 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-27 17:12 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-26 19:51 . 2010-02-27 19:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-26 19:51 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-26 19:51 . 2010-02-26 19:51 -------- d-----w- c:\programdata\Avira 2010-02-26 19:51 . 
2010-02-26 19:51 -------- d-----w- c:\program files\Avira 2010-02-26 19:24 . 2010-02-27 18:04 -------- d-----w- c:\programdata\gomuzidi 2010-02-26 19:24 . 2010-02-26 19:24 -------- d-----w- c:\programdata\nadusajo 2010-02-25 16:39 . 2010-02-27 12:35 -------- d-----w- c:\programdata\tasurepa 2010-02-25 16:39 . 2010-02-25 16:39 -------- d-----w- c:\programdata\pekiboba 2010-02-25 15:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\nuruhola 2010-02-25 15:34 . 2010-02-25 15:34 -------- d-----w- c:\programdata\zazaliwu 2010-02-24 17:55 . 2010-02-24 17:55 -------- d-----w- c:\programdata\sulumetu 2010-02-24 17:55 . 2010-02-24 17:55 -------- d-----w- c:\programdata\zofitemi 2010-02-23 16:10 . 2010-02-27 12:35 -------- d-----w- c:\programdata\najihate 2010-02-23 16:10 . 2010-02-23 16:10 -------- d-----w- c:\programdata\wuvajepe 2010-02-22 16:34 . 2010-03-03 14:49 -------- d-----w- c:\programdata\doguvuvo 2010-02-22 16:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\wanisupa 2010-02-22 16:34 . 2010-02-27 12:35 -------- d-----w- c:\programdata\sapoviri 2010-02-22 16:34 . 2010-02-22 16:34 -------- d-----w- c:\programdata\nihujoti 2010-02-21 18:32 . 2010-02-27 12:34 -------- d-----w- c:\programdata\fimohinu 2010-02-21 18:32 . 2010-02-22 17:39 -------- d-----w- c:\programdata\gukowema 2010-02-21 18:32 . 2010-02-27 12:35 -------- d-----w- c:\programdata\yohilite 2010-02-21 16:19 . 2010-02-27 12:35 -------- d-----w- c:\programdata\pohubeli 2010-02-21 16:19 . 2010-02-21 16:19 -------- d-----w- c:\programdata\bohumoye 2010-02-21 16:13 . 2010-02-27 12:35 -------- d-----w- c:\programdata\mamotapi 2010-02-21 16:13 . 2010-02-27 12:35 -------- d-----w- c:\programdata\jopafuyi 2010-02-21 16:13 . 2010-02-27 12:34 -------- d-----w- c:\programdata\hinuhilu 2010-02-18 20:25 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll 2010-02-18 20:25 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys 2010-02-18 20:22 . 
2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2010-02-18 20:22 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2010-02-18 20:22 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-02-18 20:22 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2010-02-18 20:22 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-02-18 20:22 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2010-02-18 20:22 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2010-02-18 20:22 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2010-02-18 20:22 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2010-02-18 20:22 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2010-02-18 15:14 . 2010-02-18 15:14 -------- d-----w- C:\PerfLogs
2010-02-11 07:56 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-11 07:28 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-11 07:28 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 07:28 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-11 07:28 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-11 07:28 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-11 07:28 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-11 07:28 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-11 07:28 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-11 07:27 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-11 07:27 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-11 07:27 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-11 07:27 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-11 07:27 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 07:27 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 18:12 . 2008-04-05 10:01 -------- d-----w- c:\program files\Lx_cats
2010-02-27 18:06 . 2008-08-12 14:46 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\LimeWire
2010-02-24 18:00 . 2006-03-12 23:37 678968 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-24 18:00 . 2006-03-12 23:37 128004 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-24 16:16 . 2009-10-04 08:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-18 15:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-18 15:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-18 15:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-18 15:12 . 2006-03-12 15:25 -------- d-----w- c:\programdata\NVIDIA
2010-02-18 14:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-02-18 14:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-02-14 15:33 . 2006-03-12 15:42 -------- d-----w- c:\programdata\Microsoft Help
2010-02-01 16:43 . 2010-02-01 16:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE3BB.tmp.exe
2010-01-23 04:44 . 2008-10-17 20:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 17:33 . 2009-08-22 16:23 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-16 17:24 . 2010-01-16 17:24 -------- d-----w- c:\program files\Ask Search Assistant
2010-01-16 17:24 . 2009-08-22 16:14 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-13 14:39 . 2008-08-12 14:25 -------- d-----w- c:\program files\LimeWire
2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\programdata\PC Suite
2010-01-08 16:38 . 2010-01-08 16:38 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\PC Suite
2010-01-08 16:36 . 2010-01-08 16:34 734208 ----a-w- c:\users\ETIENNE\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-01-08 16:33 . 2010-01-08 16:32 -------- d-----w- c:\program files\DIFX
2010-01-08 16:32 . 2006-03-12 15:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 16:32 . 2010-01-08 16:25 -------- d-----w- c:\program files\Samsung
2010-01-08 16:31 . 2010-01-08 16:27 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-08 16:29 . 2010-01-08 16:29 -------- d-----w- c:\users\ETIENNE\AppData\Roaming\Samsung
2010-01-08 16:28 . 2010-01-08 16:28 -------- d-----w- c:\program files\MarkAny
2010-01-02 06:38 . 2010-01-25 04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-25 04:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-25 04:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-25 04:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 13:39 . 2009-12-25 13:39 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-04 09:50 . 2009-12-04 09:50 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB41A.tmp.exe
2009-12-04 07:35 . 2009-03-05 16:10 1 ----a-w- c:\users\ETIENNE\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-06 12:37 . 2010-02-06 12:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-03-03 15:08 . 2006-03-12 15:30 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2010-03-03 15:08 . 2006-03-12 15:30 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2010-03-03 15:08 . 2006-03-12 15:30 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-03-03 15:08 . 2006-03-12 15:30 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2010-03-03 15:08 . 2006-03-12 15:30 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-03-12 23:42 . 2006-03-12 23:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-18 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-19 861744]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-06 30192]
"MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-06 647520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\ETIENNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Outil de détection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-4-29 155648]
Outil de notification Live Search.lnk - c:\users\ETIENNE\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-1 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/02/2010 12:51 108289]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [08/01/2010 09:29 233472]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [25/04/2007 22:21 99248]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [08/01/2010 09:29 36608]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [12/03/2006 16:33 281088]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [06/05/2009 23:46 721904]
S2 gupdate1c9e867306385d0;Service Google Update (gupdate1c9e867306385d0);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 11:30 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/11/2009 14:17 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/03/2006 08:36 30192]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'

2010-03-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-03-12 15:13]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-08 18:30]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002Core.job
- c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203704752-3052070609-3892059655-1002UA.job
- c:\users\ETIENNE\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-18 08:33]

2008-05-16 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{7CCA24AB-1E15-44A7-B220-2BBF2EB9B2A5}.job
- c:\windows\system32\msfeedssync.exe [2010-01-25 04:56]
.
.
------- Examen supplémentaire -------
.
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll
FF - component: c:\users\ETIENNE\AppData\Roaming\Mozilla\Firefox\Profiles\gr9ub5qx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BitTorrent DNA - c:\users\ETIENNE\Program Files\DNA\btdna.exe
HKCU-Run-qoocean - c:\users\ETIENNE\qoocean.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\users\ETIENNE\AppData\Local\Temp\Rar$EX01.962\HijackThis.exe
AddRemove-BitTorrent DNA - c:\users\ETIENNE\Program Files\DNA\btdna.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 13:34
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\TMP000000333AA29D36FE2DAEA0 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2010-03-03 13:38:10
ComboFix-quarantined-files.txt 2010-03-03 20:38

Avant-CF: 15 827 746 816 octets libres
Après-CF: 16 344 387 584 octets libres

- - End Of File - - CB66B6FB74B85D004E07B9C97D4A1AB1