Pub intempestives IE + coupures son -RESOLU

Rollez · le 23 juillet 2010

Bonjour à tous.

Voila, cela fait presque 2 semaines que je me retrouve ennuyé par des pubs intempestives qui s'ouvrent exclusivement par Internet explorer, et ce même si je ne suis pas en train de naviguer. A savoir que je navigue exclusivement par Firefox Mozilla.

Symptômes recensés:

1 - D'après mon pare-feu, IE semble se connecter à l'ouverture du PC alors qu'aucune fenêtre n'est pourtant apparente.

2 - De façon aléatoire, une page de pub (pas que française), différente à chaque fois apparait même sans aucune connexion de navigateur demandée et mêm si je n'ai pas autorisé l'accès à internet par le biais de mon part feu.

3 - Le son PC, lors d'écoute de films ou musiques, se met à zéro tout seul. Une fois le son remis, il se recoupe de façon aléatoire.

4 - Lorsque je suis sur une fenêtre ouverte, que ce soit internet, MSn, fichier word, ect, toujours de façon aléatoire, cette fenêtre se retrouve dé-sélectionnée sans que je n'en fasse la demande (difficile à expliquer ceci, j'espère que vous me comprendrez).

Je précise que mon anti virus est à jour (mcafee version pro) et protégé par un parefeu Symantec protection agent 5.1.

Je scanne régulièrement mon pc avec Ad-aware, Spyboot, Malware malbytes et ceux-ci ne trouvent rien.

J'ai donc scanné mon pc avec différents logiciels comme ad-removal, Gmer (mon pc plante et reboote tout seul si ce n'est pas fait en mode sans echec), ZHPfix, easy cleaner, fseasyclean.. Toujours sans succès.

En ayant parcouru de nombreux forums, les rapports Hijackthis + combofix + MBRcheck sont requis afin d'y voir plus clair... Alors les voici :

ComboFix 10-07-22.01 - Papa 23/07/2010 12:18:39.1.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1394 [GMT 2:00]

Lancé depuis: c:\documents and settings\Papa\Bureau\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FW: Symantec Protection Agent 5.1 *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-06-23 au 2010-07-23 ))))))))))))))))))))))))))))))))))))

.

2010-07-23 10:04 . 2010-07-23 10:04 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-23 10:03 . 2010-07-23 10:03 -------- d-sh--w- c:\documents and settings\Papa\IETldCache

2010-07-23 10:02 . 2010-07-23 10:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-23 09:59 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-07-23 09:58 . 2010-07-23 09:59 -------- dc-h--w- c:\windows\ie8

2010-07-23 05:08 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-07-20 09:36 . 2010-07-20 09:37 -------- d-----w- C:\rsit

2010-07-20 09:04 . 2010-07-23 00:18 -------- d-----w- c:\program files\Ad-Remover

2010-07-20 08:38 . 2010-07-20 08:43 -------- d-----w- c:\program files\ZHPFix

2010-07-20 08:31 . 2010-07-20 08:55 -------- d-----w- c:\program files\ZHPDiag

2010-07-18 18:26 . 2010-07-18 18:26 -------- d-----w- c:\documents and settings\NetworkService\Bureau

2010-07-18 11:31 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-07-18 11:08 . 2010-07-18 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-07-18 11:06 . 2010-07-18 11:06 -------- d-----w- c:\documents and settings\Papa\Local Settings\Application Data\Sunbelt Software

2010-07-18 11:05 . 2010-07-18 11:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

2010-07-18 11:05 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

2010-07-18 11:04 . 2010-07-18 11:04 -------- d-----w- c:\program files\Lavasoft

2010-07-18 08:24 . 2010-07-20 09:51 -------- d-----w- c:\program files\trend micro

2010-07-18 08:23 . 2010-07-18 08:23 388096 ----a-r- c:\documents and settings\Papa\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-07-17 18:57 . 2010-07-17 18:57 41256 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-07-17 15:51 . 2010-07-23 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-17 15:51 . 2010-07-17 15:54 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-17 15:16 . 2010-07-17 15:16 -------- d-----w- c:\program files\Fichiers communs\Java

2010-07-15 16:59 . 2010-07-15 17:02 -------- d-----w- c:\documents and settings\Papa\Application Data\QuickScan

2010-07-15 16:59 . 2010-05-31 14:34 702120 ----a-w- c:\documents and settings\Papa\Application Data\Mozilla\Firefox\Profiles\kjf9dznv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

2010-07-15 16:59 . 2010-05-31 14:34 868456 ----a-w- c:\documents and settings\Papa\Application Data\Mozilla\Firefox\Profiles\kjf9dznv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-07-15 11:59 . 2010-07-15 12:00 -------- d-----w- c:\program files\HomePlayer

2010-07-13 17:11 . 2010-07-13 17:11 61440 ----a-w- c:\documents and settings\Tilou\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-489f32aa-n\decora-sse.dll

2010-07-13 17:11 . 2010-07-13 17:11 12800 ----a-w- c:\documents and settings\Tilou\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-489f32aa-n\decora-d3d.dll

2010-07-13 17:11 . 2010-07-13 17:11 503808 ----a-w- c:\documents and settings\Tilou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13680281-n\msvcp71.dll

2010-07-13 17:11 . 2010-07-13 17:11 499712 ----a-w- c:\documents and settings\Tilou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13680281-n\jmc.dll

2010-07-13 17:11 . 2010-07-13 17:11 348160 ----a-w- c:\documents and settings\Tilou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13680281-n\msvcr71.dll

2010-07-13 09:44 . 2010-07-13 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-07-13 09:25 . 2010-07-13 09:25 503808 ----a-w- c:\documents and settings\Papa\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4184f128-n\msvcp71.dll

2010-07-13 09:25 . 2010-07-13 09:25 499712 ----a-w- c:\documents and settings\Papa\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4184f128-n\jmc.dll

2010-07-13 09:25 . 2010-07-13 09:25 348160 ----a-w- c:\documents and settings\Papa\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4184f128-n\msvcr71.dll

2010-07-13 09:25 . 2010-07-13 09:25 61440 ----a-w- c:\documents and settings\Papa\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5653cfa5-n\decora-sse.dll

2010-07-13 09:25 . 2010-07-13 09:25 12800 ----a-w- c:\documents and settings\Papa\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5653cfa5-n\decora-d3d.dll

2010-07-13 09:25 . 2010-06-22 02:36 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-13 00:19 . 2010-07-13 00:19 -------- d-----r- c:\documents and settings\NetworkService\Favoris

2010-07-11 09:02 . 2010-07-23 10:03 -------- d-----r- c:\documents and settings\LocalService\Favoris

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-20 18:03 . 2010-03-03 23:19 -------- d-----w- c:\documents and settings\Papa\Application Data\vlc

2010-07-20 12:59 . 2009-08-24 12:38 -------- d-----w- c:\documents and settings\Papa\Application Data\uTorrent

2010-07-18 11:30 . 2009-10-31 03:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-07-18 11:04 . 2009-10-23 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-07-18 10:08 . 2010-04-23 15:46 -------- d-----w- c:\program files\CCleaner

2010-07-17 15:16 . 2009-08-23 23:43 -------- d-----w- c:\program files\Java

2010-07-16 12:16 . 2010-01-10 14:48 -------- d-----w- c:\documents and settings\Juju\Application Data\vlc

2010-07-15 12:48 . 2009-11-27 23:35 -------- d-----w- c:\documents and settings\Papa\Application Data\dvdcss

2010-07-14 12:11 . 2009-08-24 12:39 -------- d-----w- c:\program files\uTorrent

2010-07-06 20:26 . 2010-03-04 14:36 -------- d-----w- c:\documents and settings\Tilou\Application Data\vlc

2010-06-18 21:10 . 2009-08-24 14:59 -------- d-----w- c:\program files\Messenger Plus! Live

2010-06-16 20:37 . 2009-09-06 10:11 -------- d-----w- c:\program files\Freeplayer

2010-06-15 23:20 . 2010-05-14 18:15 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-06-15 23:20 . 2010-05-09 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-06-15 23:19 . 2010-06-15 23:19 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-06-15 23:19 . 2009-08-23 23:56 -------- d-----w- c:\program files\Fichiers communs\DivX Shared

2010-06-15 23:19 . 2009-08-23 23:56 -------- d-----w- c:\program files\DivX

2010-06-15 23:19 . 2010-06-15 23:19 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-06-15 23:19 . 2010-06-15 23:19 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-15 23:19 . 2010-06-15 23:19 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-06-15 23:19 . 2010-06-15 23:19 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-06-15 23:18 . 2010-06-15 23:18 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-06-15 23:18 . 2010-06-15 23:18 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-06-15 23:18 . 2010-06-15 23:18 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-06-15 23:18 . 2010-06-15 23:18 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-06-15 23:16 . 2010-05-14 18:15 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-06-15 23:16 . 2010-05-14 18:15 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-06-15 19:14 . 2009-08-23 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-15 19:14 . 2010-06-15 19:14 -------- d-----w- c:\program files\common files

2010-06-15 19:14 . 2010-06-15 19:14 -------- d-----w- c:\program files\Fichiers communs\McAfee

2010-06-15 19:14 . 2009-08-23 23:48 -------- d-----w- c:\program files\McAfee

2010-06-03 08:05 . 2010-06-18 23:27 343552 ----a-w- c:\documents and settings\Papa\Application Data\Mozilla\Firefox\Profiles\kjf9dznv.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

2010-05-14 18:15 . 2010-05-14 18:15 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-05-14 18:15 . 2010-05-14 18:15 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-14 18:15 . 2010-05-14 18:15 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-05-14 18:15 . 2010-05-14 18:15 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-05-14 18:15 . 2010-05-14 18:15 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-05-14 18:15 . 2010-05-14 18:15 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

2010-05-14 18:15 . 2010-05-14 18:15 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-05-14 18:15 . 2010-05-14 18:15 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

2010-05-14 18:14 . 2010-05-14 18:14 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-05-09 13:20 . 2008-04-14 12:00 72126 ----a-w- c:\windows\system32\perfc00C.dat

2010-05-09 13:20 . 2008-04-14 12:00 460986 ----a-w- c:\windows\system32\perfh00C.dat

2010-04-29 13:39 . 2009-10-24 10:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2009-10-24 10:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 18:40 . 2009-08-23 23:56 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-04-27 18:40 . 2009-08-23 23:56 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-04-27 18:40 . 2009-08-23 23:39 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys

2010-04-27 18:40 . 2009-08-23 23:39 133616 ------w- c:\windows\system32\pxafs.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-06-08 111952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2010.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2010.lnk

backup=c:\windows\pss\Hyperappel du Petit Larousse 2010.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-10-14 19:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceHD]

2008-02-06 13:21 79144 ----a-w- c:\program files\Hercules\Hercules DualPix HD Webcam\CamService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2009-05-28 16:43 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 12:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-07-14 01:16 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=

"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [17/07/2010 20:57 41256]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/07/2010 13:31 64288]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 10:55 1352832]

S3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvidv.sys [31/01/2010 20:07 285952]

S3 atidgllk;atidgllk;c:\dell\drivers\R105090\atidgllk.sys [24/08/2009 02:34 5120]

S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [31/01/2010 20:07 103720]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [21/02/2010 18:56 23456]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\documents and settings\Papa\Local Settings\Temp\{97579417-DE09-4743-B59B-611E72D87A72}\fsgk.sys --> c:\documents and settings\Papa\Local Settings\Temp\{97579417-DE09-4743-B59B-611E72D87A72}\fsgk.sys [?]

S3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 14:23 31128]

S4 Pcmcvc;Pcmcvc; [x]

S4 SysGuard;SysGuard;c:\windows\system32\drivers\Sysguard.sys [24/08/2009 01:50 42496]

.

Contenu du dossier 'Tâches planifiées'

2010-07-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

.

------- Examen supplémentaire -------

.

FF - ProfilePath - c:\documents and settings\Papa\Application Data\Mozilla\Firefox\Profiles\kjf9dznv.default\

FF - prefs.js: browser.startup.homepage - www.google.fr

FF - component: c:\documents and settings\Papa\Application Data\Mozilla\Firefox\Profiles\kjf9dznv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\Papa\Application Data\Mozilla\Firefox\Profiles\kjf9dznv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\documents and settings\Papa\Application Data\Mozilla\Firefox\Profiles\kjf9dznv.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

MSConfigStartUp-Device Detection - c:\program files\Auchan\Photogenie\dd.exe

MSConfigStartUp-qplsec - c:\windows\system32\qwmmmse.exe

MSConfigStartUp-UIUCU - c:\docume~1\Papa\LOCALS~1\Temp\UIUCU.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-23 12:23

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]

"ImagePath"=""

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,6b,47,75,66,68,fa,46,a4,06,48,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,6b,47,75,66,68,fa,46,a4,06,48,\

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3448)

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\eappprxy.dll

c:\program files\Symantec\SPA\SnacNp.dll

.

Heure de fin: 2010-07-23 12:25:48

ComboFix-quarantined-files.txt 2010-07-23 10:25

Avant-CF: 15 708 676 096 octets libres

Après-CF: 15 824 404 480 octets libres

- - End Of File - - 4632705EFAF094A6D9DE8EB65D49CECC

---------------------------------------------------------------------------------------------------