

Bigben57
Analysis with ComboFix
Bigben57 replied to a topic by Bigben57 in Malware Analysis and Eradication
OK, thank you very much for your valuable help.

Analysis with ComboFix
Bigben57 replied to a topic by Bigben57 in Malware Analysis and Eradication
Thanks for the reply. ComboFix had deleted the 4 infected files on the first pass, they were in the log; I ran another scan and this time there was nothing left, and that is the log I posted. As for the HijackThis log, here it is; personally, I don't find anything suspicious in it, but I'm no expert in this area. Thanks in advance.

Good evening. Following a detection of ckxvo.exe by BitDefender, I ran ComboFix, which seems to have removed the infection. I'm pasting the report below; if someone experienced with this kind of report could take a look at it, that would be nice, so that I know where I stand. Thanks in advance. PS: I emptied the ComboFix recycle bin by deleting the whole Qooox folder.