Here is the report:
ComboFix 08-08-18.05 - proprietaire 2008-08-19 21:48:35.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.584 [GMT 2:00]
Endroit: C:\Documents and Settings\proprietaire\Bureau\ComboFix.exe
Command switches used :: E:\mes documents E\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\proprietaire\UserData
C:\Documents and Settings\proprietaire\UserData\index.dat
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-07-19 to 2008-08-19 ))))))))))))))))))))))))))))))))))))
.
2008-08-19 21:16 . 2008-08-19 21:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-19 20:36 . 2008-08-19 20:36 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\MSNInstaller
2008-08-19 19:48 . 2008-08-19 20:05 <REP> d-------- C:\Lop SD
2008-08-18 22:26 . 2008-08-19 20:02 4,566 --a------ C:\WINDOWS\imsins.BAK
2008-08-18 22:12 . 2008-08-18 22:12 <REP> d-------- C:\Program Files\Sun
2008-08-18 22:11 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-18 18:56 . 2008-08-18 18:57 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-08-18 14:54 . 2008-08-18 14:54 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\Malwarebytes
2008-08-18 14:53 . 2008-08-18 14:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 14:53 . 2008-08-18 14:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 14:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 14:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-18 10:31 . 2008-08-19 20:54 455,364 --a------ C:\WINDOWS\system32\perfh040.dat
2008-08-18 10:31 . 2008-08-19 20:54 69,552 --a------ C:\WINDOWS\system32\perfc040.dat
2008-08-18 09:16 . 2008-08-18 15:05 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-08-18 09:05 . 2008-08-18 09:05 <REP> d-------- C:\Program Files\Trend Micro
2008-08-17 13:44 . 2008-08-17 13:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-07 18:21 . 2008-08-07 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-08-07 18:16 . 2008-08-07 18:19 <REP> d-------- C:\Program Files\TmNationsForever
2008-08-07 11:57 . 2008-06-16 16:34 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-07 11:50 . 2008-08-07 11:51 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-08-07 11:50 . 2008-08-07 11:51 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\SystemRequirementsLab
2008-08-07 11:44 . 2008-08-07 11:44 <REP> d-------- C:\WINDOWS\nview
2008-08-07 11:44 . 2008-08-07 11:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-07 11:40 . 2008-08-07 11:40 <REP> d-------- C:\NVIDIA
2008-08-07 09:06 . 2008-08-07 11:44 <REP> d-------- C:\Program Files\Hidden Mysteries - Civil War
2008-08-06 17:00 . 2008-08-06 17:01 <REP> d-------- C:\[DIR00049064]
2008-08-06 16:45 . 2008-08-06 16:45 <REP> d-------- C:\Program Files\GetData
2008-08-06 13:04 . 2008-08-06 13:04 <REP> d-------- C:\Program Files\Windows Defender
2008-08-03 20:04 . 2008-08-03 20:04 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\ItsLabel
2008-08-03 20:01 . 2008-08-03 20:01 <REP> d-------- C:\Program Files\ItsLabel
2008-08-03 20:01 . 2008-08-17 18:00 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\EoRezo
2008-08-03 18:50 . 2006-06-03 01:25 1,048,064 --a------ C:\WINDOWS\system32\Sarkophage.exe.bak
2008-08-03 18:38 . 2008-08-03 18:50 1,048,064 --a------ C:\WINDOWS\system32\Sarkophage.exe
2008-08-01 14:06 . 2008-08-02 20:54 <REP> d--h----- C:\LG3G
2008-08-01 14:06 . 2008-08-01 14:06 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\LG Electronics
2008-08-01 14:05 . 2008-08-01 14:05 <REP> d-------- C:\Program Files\LG Electronics
2008-08-01 14:05 . 2007-12-27 11:17 21,760 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-08-01 14:05 . 2007-12-27 11:14 19,968 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-08-01 14:05 . 2007-12-27 11:15 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-08-01 14:04 . 2008-08-01 14:04 <REP> d-------- C:\Program Files\LG PC Suite 2
2008-07-31 16:53 . 2008-07-31 16:53 16 --ah----- C:\WINDOWS\mxfilerelatedcache.mxc2
2008-07-31 16:53 . 2008-07-31 16:53 16 --ah----- C:\Documents and Settings\mxfilerelatedcache.mxc2
2008-07-29 16:06 . 2008-07-29 16:06 <REP> d-------- C:\Program Files\Transcend Utility
2008-07-29 16:06 . 2008-07-29 17:35 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-07-29 14:49 . 2008-07-16 16:43 735,381,504 --a------ C:\tes-afdr(2).avi
2008-07-28 16:46 . 2008-07-28 16:46 <REP> d-------- C:\Program Files\Advanced Renamer
2008-07-28 16:46 . 2008-07-28 16:46 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\Hulubulu
2008-07-26 10:37 . 2008-07-26 10:37 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-07-26 10:28 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-07-26 06:41 . 2008-07-26 06:41 <REP> d-------- C:\Program Files\Stardock
2008-07-23 22:01 . 2008-07-23 22:01 <REP> d-------- C:\Program Files\NFO viewer
2008-07-23 21:42 . 2008-07-23 22:18 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\Hide IP NG
2008-07-23 11:26 . 1998-06-24 00:00 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-07-23 11:26 . 2005-04-11 11:53 28,672 --a------ C:\WINDOWS\system32\mcoinstall.exe
2008-07-23 11:26 . 2005-04-05 16:28 22,016 --a------ C:\WINDOWS\system32\MSWINSCK.oca
2008-07-23 11:26 . 1998-06-18 00:00 2,465 --a------ C:\WINDOWS\system32\MSWINSCK.DEP
2008-07-23 11:26 . 2005-04-29 20:48 848 --a------ C:\WINDOWS\system32\mco.reg
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-19 17:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-19 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-18 20:11 --------- d-----w C:\Program Files\Java
2008-08-18 13:05 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-08-07 11:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-01 12:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 14:53 16 ---ha-w C:\Program Files\mxfilerelatedcache.mxc2
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-18 09:40 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Skype
2008-07-16 10:31 --------- d-----w C:\Program Files\PROMT5
2008-07-16 10:04 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-15 17:10 --------- d-----w C:\Program Files\Yahoo!
2008-07-15 06:30 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-15 05:45 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-07-14 07:35 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\MAGIX
2008-07-13 17:29 --------- d-----w C:\Program Files\Eggiz
2008-07-13 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-07-13 06:13 --------- d-----w C:\Program Files\ALDI Service Photo
2008-07-13 06:13 --------- d-----w C:\Program Files\ALDI
2008-07-07 17:08 --------- d-----w C:\Program Files\CCleaner
2008-07-07 15:53 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Druide
2008-07-07 15:39 --------- d-----w C:\Program Files\Druide
2008-07-07 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage(2)
2008-07-07 10:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage(2)
2008-07-04 06:12 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-04 05:08 --------- d-----w C:\Program Files\LogMeIn
2008-07-03 20:00 --------- d-----w C:\Program Files\ACD Systems
2008-07-03 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-03 09:42 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-07-02 09:05 --------- d-----w C:\Program Files\Google
2008-06-29 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-26 12:02 --------- d-----w C:\Program Files\Anuman Interactive
2008-06-25 13:58 --------- d-----w C:\Program Files\EleFun Desktops
2008-06-25 13:58 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\elefundesktops
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-02-18 17:43 4,148 ----a-w C:\Documents and Settings\proprietaire\Application Data\ViewerApp.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-06-05 14:53 6131712]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"ALDI_FotoSuite_Download"="C:\Program Files\ALDI Service Photo\ALDI_Service_Photo\FotoSuite.exe" [2007-07-04 17:07 1171456]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-22 04:54 5898240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2008.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2008.lnk
backup=C:\WINDOWS\pss\Hyperappel du Petit Larousse 2008.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-09-06 05:10 450560 C:\Program Files\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 17:25 94208 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:54 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
--------- 2006-10-12 15:57 102400 C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2008-02-28 15:31 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2002-07-17 11:00 204863 C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-04-22 04:54 5898240 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-04-22 04:54 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMT Integrator]
--a------ 2001-09-03 14:48 49152 C:\Program Files\PROMT5\INTEGRAL\pinstart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 08:54 589824 C:\Program Files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2004-12-16 19:55 339968 C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2005-06-30 08:03 200704 C:\WINDOWS\system32\sw20.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2005-07-04 07:29 69632 C:\WINDOWS\system32\sw24.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transcend StoreJet elite]
--a------ 2008-01-30 03:13 5114368 C:\Program Files\Transcend Utility\Transcend StoreJet elite\SJelite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 23:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-04-22 04:54 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Larousse\\Petit Larousse 2008\\bin\\PLViewer.exe"=
"C:\\Program Files\\Outlook Express\\msimn.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mcoinstall.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56786:TCP"= 56786:TCP:Pando P2P TCP Listening Port
"56786:UDP"= 56786:UDP:Pando P2P UDP Listening Port
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\ALDI Service Photo\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-12-13 23:25]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-19 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-EoEngine - C:\Program Files\EoRezo\EoEngine.exe
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\proprietaire\Application Data\Mozilla\Firefox\Profiles\23s78ixc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://lo.st
FF -: plugin - C:\Documents and Settings\proprietaire\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 21:52:31
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-19 21:57:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-19 19:57:35
Pre-Run: 60,100,931,584 octets libres
Post-Run: 60,078,616,576 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
279 --- E O F --- 2008-08-19 11:44:02