tunisiano

Membres

Afficher le profil Afficher son activité

Compteur de contenus
1
Inscription
le 18 octobre 2008
Dernière visite
le 18 octobre 2008

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par tunisiano

porriez vous maider a interprété le resultat du log de combofix

tunisiano a posté un sujet dans Analyses et éradication malwares

(((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Invité\Application Data\ShoppingReport C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\res2\WhiteList.dbs C:\Documents and Settings\Invité\Application Data\urlredir.cfg C:\Documents and Settings\mani\Application Data\ShoppingReport C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\res2\WhiteList.dbs C:\Documents and Settings\mani\Application Data\urlredir.cfg C:\Documents and Settings\mani\Mes documents\My Documents.url C:\Documents and Settings\WALID\Application Data\ShoppingReport C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\report\aggr_storage.xml C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\report\send_storage.xml C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\res1\WhiteList.dbs C:\Documents and Settings\WALID\Application Data\urlredir.cfg C:\Program Files\AAV C:\Program Files\AAV\aav.ooo C:\Program Files\AAV\aav1.dat C:\Program Files\Applications\iebr.dll C:\Program Files\Applications\iebt.dll C:\Program Files\Applications\iebu.exe C:\Program Files\Applications\myd.ico C:\Program Files\Applications\mym.ico C:\Program Files\Applications\myp.ico C:\Program Files\Applications\myv.ico C:\Program Files\Applications\ot.ico C:\Program Files\Applications\ts.ico C:\Program Files\Dcads Advanced Toolbar C:\Program Files\Dcads Advanced Toolbar\buttons.xml C:\Program Files\Dcads Advanced Toolbar\search.xml C:\Program Files\Dcads Advanced Toolbar\toolbar.dll C:\Program Files\Dcads Advanced Toolbar\uninstall.exe C:\Program Files\ShoppingReport C:\Program Files\ShoppingReport\Uninst.exe C:\WINDOWS\cookies.ini C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\_006574_.tmp.dll C:\WINDOWS\system32\_006575_.tmp.dll C:\WINDOWS\system32\_006576_.tmp.dll C:\WINDOWS\system32\_006577_.tmp.dll C:\WINDOWS\system32\_006584_.tmp.dll C:\WINDOWS\system32\_006585_.tmp.dll C:\WINDOWS\system32\_006586_.tmp.dll C:\WINDOWS\system32\_006587_.tmp.dll C:\WINDOWS\system32\_006589_.tmp.dll C:\WINDOWS\system32\_006590_.tmp.dll C:\WINDOWS\system32\_006593_.tmp.dll C:\WINDOWS\system32\_006594_.tmp.dll C:\WINDOWS\system32\_006596_.tmp.dll C:\WINDOWS\system32\_006597_.tmp.dll C:\WINDOWS\system32\_006598_.tmp.dll C:\WINDOWS\system32\_006600_.tmp.dll C:\WINDOWS\system32\_006603_.tmp.dll C:\WINDOWS\system32\_006604_.tmp.dll C:\WINDOWS\system32\_006608_.tmp.dll C:\WINDOWS\system32\_006609_.tmp.dll C:\WINDOWS\system32\_006611_.tmp.dll C:\WINDOWS\system32\_006614_.tmp.dll C:\WINDOWS\system32\_006616_.tmp.dll C:\WINDOWS\system32\_006617_.tmp.dll C:\WINDOWS\system32\_006618_.tmp.dll C:\WINDOWS\system32\_006619_.tmp.dll C:\WINDOWS\system32\_006620_.tmp.dll C:\WINDOWS\system32\_006623_.tmp.dll C:\WINDOWS\system32\_006624_.tmp.dll C:\WINDOWS\system32\_006625_.tmp.dll C:\WINDOWS\system32\_006626_.tmp.dll C:\WINDOWS\system32\_006627_.tmp.dll C:\WINDOWS\system32\_006632_.tmp.dll C:\WINDOWS\system32\_006634_.tmp.dll C:\WINDOWS\system32\adssitesuggest.dll C:\WINDOWS\system32\dcads-remove.exe C:\WINDOWS\system32\dcads_sidebar_uninstall.exe C:\WINDOWS\system32\DcadsSocial-uninstall.exe C:\WINDOWS\system32\dcadssuggest.dll C:\WINDOWS\system32\msssc.dll C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe C:\WINDOWS\system32\superiorads-uninst.exe C:\WINDOWS\system32\wav.cpl . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-18 au 2008-10-18 )))))))))))))))))))))))))))))))))))) . 2008-10-17 21:17 . 2008-10-17 21:17 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-10-17 21:08 . 2008-10-17 21:18 <REP> d-------- C:\Program Files\Lavasoft 2008-10-17 21:08 . 2008-10-17 21:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-10-17 20:15 . 2008-10-17 21:08 <REP> d-------- C:\Program Files\Spyware Doctor 2008-10-17 20:11 . 2008-10-17 20:11 <REP> d-------- C:\Documents and Settings\WALID\Application Data\PC Tools 2008-10-17 20:07 . 2008-10-17 20:07 <REP> d-------- C:\Program Files\WAV 2008-10-17 17:58 . 2008-10-17 18:08 <REP> d-------- C:\WINDOWS\system32\fr-fr 2008-10-17 17:58 . 2008-10-17 18:08 <REP> d-------- C:\WINDOWS\system32\fr 2008-10-17 17:58 . 2008-10-17 18:08 <REP> d-------- C:\WINDOWS\l2schemas 2008-10-17 17:45 . 2007-10-25 18:56 8,510,976 --a------ C:\WINDOWS\system32\dllcache\shell32.dll 2008-10-17 17:44 . 2008-08-14 15:44 2,182,400 --a------ C:\WINDOWS\system32\ntoskrnl.exe 2008-10-16 23:40 . 2008-10-18 17:59 <REP> d-------- C:\Program Files\Applications 2008-10-16 23:31 . 2008-10-16 23:34 79,085 --a------ C:\WINDOWS\system32\smeitkofqliadkt.exe 2008-10-15 18:56 . 2008-10-15 18:56 385 --a------ C:\WINDOWS\ODBC.INI 2008-10-15 18:55 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2008-10-15 18:53 . 2008-10-15 18:54 <REP> d-------- C:\WINDOWS\SHELLNEW 2008-10-15 18:53 . 2008-10-15 18:53 <REP> d-------- C:\Program Files\Microsoft.NET 2008-10-15 17:58 . 2006-08-23 12:10 2,300,928 --a------ C:\WINDOWS\system32\qtp-mt334.dll 2008-10-15 17:58 . 2006-08-23 12:10 30,808 --a------ C:\WINDOWS\system32\drivers\hotcore2.sys 2008-10-15 17:58 . 2006-08-23 12:10 5,632 --a------ C:\WINDOWS\system32\wnaspi32.dll 2008-10-14 23:22 . 2008-10-18 14:32 1,393 --a------ C:\WINDOWS\imsins.BAK 2008-10-13 19:27 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2008-10-13 19:27 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2008-10-13 19:27 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2008-10-13 19:27 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2008-10-13 19:27 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2008-10-13 19:27 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2008-10-12 19:00 . 2008-10-18 15:35 1,417 --a------ C:\WINDOWS\mgutil_reg.ini 2008-10-12 18:02 . 2008-10-18 15:27 173 --a------ C:\WINDOWS\mgutil_win.ini 2008-10-12 18:01 . 2008-10-18 15:26 <REP> d-------- C:\Program Files\Mgutil 2008-10-08 20:42 . 2008-10-08 20:42 <REP> d-------- C:\Documents and Settings\Invité\Application Data\OpenOffice.org2 2008-10-07 19:02 . 2008-10-07 19:03 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-06 17:08 . 2008-10-06 17:08 <REP> d-------- C:\Program Files\SuperCopier2 2008-10-04 19:18 . 2008-04-14 04:33 8,517,632 --a------ C:\WINDOWS\system32\SET58FC.tmp 2008-10-04 19:17 . 2008-04-14 04:33 3,066,880 --a------ C:\WINDOWS\system32\SET59E7.tmp 2008-10-04 19:16 . 2008-04-14 04:33 1,267,200 --a------ C:\WINDOWS\system32\SET5B14.tmp 2008-10-04 19:15 . 2008-04-14 04:33 193,536 --a------ C:\WINDOWS\system32\SET5B62.tmp 2008-10-04 19:15 . 2008-04-14 04:33 98,304 --a------ C:\WINDOWS\system32\SET5B60.tmp 2008-10-04 12:19 . 2005-09-20 09:36 147,456 --a------ C:\WINDOWS\system32\igfxres.dll 2008-10-03 23:27 . 2008-10-03 23:47 <REP> d-------- C:\WINDOWS\system32\NtmsData 2008-10-03 22:53 . 2008-10-03 22:53 <REP> d-------- C:\Program Files\LG Electronics 2008-10-03 22:53 . 2007-07-11 10:45 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys 2008-10-03 22:53 . 2007-07-11 15:51 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys 2008-10-03 22:53 . 2007-07-11 10:40 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys 2008-10-03 22:47 . 2008-10-03 22:48 <REP> d-------- C:\Program Files\LG PC Suite 2 2008-10-03 22:45 . 2008-10-03 22:45 <REP> d-------- C:\Documents and Settings\WALID\Application Data\InstallShield 2008-10-03 22:04 . 2008-10-03 22:04 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-10-02 20:13 . 2008-10-02 20:16 <REP> d-------- C:\Program Files\Macromedia 2008-10-02 20:13 . 2008-10-09 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia 2008-09-29 11:38 . 2008-09-29 11:38 <REP> d-------- C:\Program Files\Bonjour 2008-09-29 11:23 . 2008-09-29 11:23 <REP> d-------- C:\Program Files\Safari 2008-09-28 12:38 . 2008-09-29 11:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-09-28 12:38 . 2008-09-28 12:38 1,409 --a------ C:\WINDOWS\QTFont.for 2008-09-28 12:27 . 2008-09-28 12:27 <REP> d-------- C:\Program Files\Blender Foundation 2008-09-21 23:45 . 2008-09-21 23:45 <REP> d-------- C:\Program Files\PC Drivers HeadQuarters 2008-09-21 23:45 . 2008-09-21 23:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters 2008-09-21 16:34 . 2008-09-21 16:34 <REP> d-------- C:\Documents and Settings\WALID\Application Data\Leadertech . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-18 15:36 --------- d-----w C:\Documents and Settings\WALID\Application Data\Azureus 2008-10-17 20:51 --------- d-----w C:\Program Files\eMule 2008-10-17 19:08 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-10-17 17:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater 2008-10-16 21:34 15,360 --s-a-w C:\WINDOWS\system32\bmztmss.dll 2008-10-13 11:40 --------- d-----w C:\Documents and Settings\WALID\Application Data\OpenOffice.org2 2008-10-11 12:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-08 14:08 --------- d-----w C:\Documents and Settings\mani\Application Data\LimeWire 2008-10-08 14:07 --------- d-----w C:\Documents and Settings\mani\Application Data\Azureus 2008-10-07 17:03 --------- d-----w C:\Program Files\iTunes 2008-10-07 17:02 --------- d-----w C:\Program Files\iPod 2008-10-06 17:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-10-03 20:58 --------- d-----w C:\Program Files\Picasa2 2008-10-01 11:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-09-29 23:01 --------- d-----w C:\Documents and Settings\WALID\Application Data\Apple Computer 2008-09-29 10:45 --------- d-----w C:\Program Files\Apple Software Update 2008-09-29 09:38 --------- d-----w C:\Program Files\QuickTime 2008-09-29 09:37 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-09-27 20:39 --------- d-----w C:\Documents and Settings\WALID\Application Data\Ahead 2008-09-27 11:34 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-09-24 19:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus! 2008-09-15 22:15 --------- d-----r C:\Documents and Settings\WALID\Application Data\Brother 2008-09-15 21:09 --------- d-----w C:\Documents and Settings\WALID\Application Data\Creative 2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-09-13 20:37 --------- d-----w C:\Program Files\Nuclear Coffee 2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys 2008-08-14 13:44 2,182,400 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys 2008-07-31 09:50 3,082 ----a-w C:\WINDOWS\system32\affv9553p4now.sys 2008-07-31 09:36 3,532 ----a-w C:\drmHeader.bin 2008-07-25 13:23 237,568 ----a-w C:\WINDOWS\system32\TubeFinder.exe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-12-27 00:26 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-22 5724184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{fef6ace8-bb45-4009-8342-63415164d691}"= "C:\WINDOWS\system32\bmztmss.dll" [2008-10-16 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.xvid"= xvid.dll "VIDC.ACDV"= ACDV.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\messenger\\msmsgs.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\WINDOWS\\system32\\muzapp.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"= "C:\\Program Files\\EasyPHP\\mysql\\bin\\mysqld-nt.exe"= "C:\\Program Files\\EasyPHP\\apache\\Apache.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3333:TCP"= 3333:TCP:svchost "2799:UDP"= 2799:UDP:Altova License Metering Port (UDP) "2799:TCP"= 2799:TCP:Altova License Metering Port (TCP) R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\DRIVERS\MUsbFltr.syS [] R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\DRIVERS\UsbFltr.syS [] R3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57] R3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58] R3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59] R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 08:04] S0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-08-23 12:10] S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\DRIVERS\aswSP.syS [2008-07-19 16:35] S1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\kbfilter.syS [2003-03-27 14:55] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] S3 P0870Dev;Creative WebCam Live! Motion;C:\WINDOWS\system32\DRIVERS\P0870Dev.sys [2005-06-29 19:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - ta2.cmd \Shell\explore\Command - ta2.cmd \Shell\open\Command - ta2.cmd . Contenu du dossier 'Tâches planifiées' 2008-10-18 C:\WINDOWS\Tasks\A8D6E79A93619F82.job - c:\docume~1\mani\applic~1\1store~1\objopenatom.exe [] 2008-10-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-10-18 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21] 2008-10-16 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-lbnarcxjihw - C:\WINDOWS\system32\ovxrgsxxbncbub.dll HKLM-Run-ANTIVIRUS - C:\Program Files\AAV\aav.exe HKLM-Run-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe HKLM-Explorer_Run-smile - C:\Program Files\Applications\wcs.exe Notify-dimsntfy - (no file) . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\WALID\Application Data\Mozilla\Firefox\Profiles\wu0c160t.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr-fr.facebook.com/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-18 18:01:27 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\DOCUME~1\WALID\LOCALS~1\Temp\mc23.tmp" . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\igfxsrvc.exe .
- le 18 octobre 2008
- 1 réponse

Connexion

tunisiano

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par tunisiano

porriez vous maider a interprété le resultat du log de combofix

Zebulon

Outils en ligne

Naviguer