

batbout
Thanks angeliqu, I have completed all the steps and here is the report that ComboFix produced:

ComboFix 08-11-26.03 - Administrateur 2008-11-26 8:58:21.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.229 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\nriljal.exe
C:\psqrhqn.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\-1531818359\
C:\nriljal.exe
C:\psqrhqn.exe
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\gasretyw1.dll
c:\windows\system32\TDSSoiqh.dll
H:\abk.bat
H:\autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-26 au 2008-11-26 ))))))))))))))))))))))))))))))))))))
.
2008-11-25 10:56 . 2008-11-25 11:11 <REP> d-------- c:\program files\ma-config.com
2008-11-25 10:56 . 2008-11-25 11:11 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-25 08:55 . 2008-11-25 08:55 <REP> d-------- c:\windows\system32\xircom
2008-11-25 08:55 . 2008-11-25 08:55 <REP> d-------- c:\program files\microsoft frontpage
2008-11-24 15:34 . 2008-11-24 15:33 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-21 15:49 . 2008-11-21 15:49 <REP> d-------- c:\program files\Sunbelt Software
2008-11-20 18:02 . 2008-11-20 18:03 2 --a------ C:\-1531818359
2008-11-19 08:17 . 2008-11-19 08:17 <REP> d-------- c:\program files\Overland
2008-11-04 14:39 . 2008-11-04 14:39 <REP> d-------- c:\program files\Uniblue
2008-11-04 13:59 . 2008-11-04 13:59 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Uniblue
2008-11-04 08:39 . 2008-11-04 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-11-04 08:38 . 2008-11-04 08:38 <REP> d-------- c:\program files\Fichiers communs\iS3
2008-11-04 08:38 . 2008-11-04 11:10 <REP> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 16:38 --------- d-----w c:\documents and settings\Administrateur\Application Data\Skype
2008-11-25 15:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\skypePM
2008-11-24 14:33 --------- d-----w c:\program files\Java
2008-10-13 11:31 --------- d-----w c:\program files\Lexmark 1200 Series
2008-04-08 06:30 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-20 12:41 134 ----a-w c:\documents and settings\Administrateur\AutoUpdate.dat
2005-07-04 17:06 319,617 --sh--w c:\windows\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"E06FDXRC_922546"="c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 301776]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2007-11-05 791792]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2005-09-09 9818112]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 3810544]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-07 176128]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-02 20560]
S0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys []
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service []
S3 CAM1210;USB video camera;c:\windows\system32\Drivers\cam1210.sys [2007-02-01 92416]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2008-07-17 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2008-07-17 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2008-07-17 94000]

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-11-26 c:\windows\Tasks\Advanced Registry Optimizer.job - c:\program files\Advanced Registry Optimizer\ARO.exe []
2008-11-25 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 13:21]
2007-06-07 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 09:00:16
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc25.tmp"
.
Heure de fin: 2008-11-26 9:01:38
ComboFix-quarantined-files.txt 2008-11-26 08:00:59
ComboFix2.txt 2008-11-25 10:17:06
ComboFix3.txt 2008-11-25 07:26:33
Avant-CF: 46 867 017 728 octets libres
Après-CF: 46,866,247,680 octets libres
131 --- E O F --- 2007-11-30 16:38:41

Is there anything else to do?
-
Hello everyone, I have just scanned my computer with ComboFix; it produced the report below:

ComboFix 08-11-24.01 - Administrateur 2008-11-25 8:23:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.267 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\abk.bat
C:\autorun.inf
C:\ij.bat
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\rs32net.exe
D:\abk.bat
D:\Autorun.inf
D:\ij.bat
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-25 au 2008-11-25 ))))))))))))))))))))))))))))))))))))
.
2008-11-24 15:34 . 2008-11-24 15:33 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-21 15:49 . 2008-11-21 15:49 <REP> d-------- c:\program files\Sunbelt Software
2008-11-20 18:03 . 2008-11-20 18:03 184,848 --a------ C:\psqrhqn.exe
2008-11-20 18:03 . 2008-11-20 18:03 104,448 --a------ C:\nriljal.exe
2008-11-20 18:03 . 2008-11-20 18:03 55,808 --a------ c:\windows\system32\drivers\TDSSmqlt.sys
2008-11-20 18:03 . 2008-11-20 18:03 27,136 --a------ c:\windows\system32\TDSSoiqh.dll
2008-11-20 18:02 . 2008-11-20 18:03 2 --a------ C:\-1531818359
2008-11-20 16:06 . 2008-11-25 08:08 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-19 08:17 . 2008-11-19 08:17 <REP> d-------- c:\program files\Overland
2008-11-04 14:39 . 2008-11-04 14:39 <REP> d-------- c:\program files\Uniblue
2008-11-04 13:59 . 2008-11-04 13:59 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Uniblue
2008-11-04 08:39 . 2008-11-04 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-11-04 08:38 . 2008-11-04 08:38 <REP> d-------- c:\program files\Fichiers communs\iS3
2008-11-04 08:38 . 2008-11-04 11:10 <REP> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 07:21 --------- d-----w c:\documents and settings\Administrateur\Application Data\Skype
2008-11-25 07:09 --------- d-----w c:\documents and settings\Administrateur\Application Data\skypePM
2008-11-24 14:33 --------- d-----w c:\program files\Java
2008-10-13 11:31 --------- d-----w c:\program files\Lexmark 1200 Series
2008-04-08 06:30 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-20 12:41 134 ----a-w c:\documents and settings\Administrateur\AutoUpdate.dat
2005-07-04 17:06 319,617 --sh--w c:\windows\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"E06FDXRC_922546"="c:\program files\Microsoft Encarta\Collection Microsoft Encarta 2006\EDICT.EXE" [2005-06-04 301776]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2007-11-05 791792]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2005-09-09 9818112]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 3810544]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Google Update"="c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-10-22 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-07 176128]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-08 185896]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Assistant d'Acrobat.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-02 20560]
S0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys []
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service []
S3 CAM1210;USB video camera;c:\windows\system32\Drivers\cam1210.sys [2007-02-01 92416]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2008-07-17 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2008-07-17 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2008-07-17 94000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16a9d797-18b0-11dc-a1c7-0001803e02a8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3583da90-9996-11dc-a256-0001803e02a8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39ad5612-38e9-11dc-a1eb-0001803e02a8}]
\Shell\Auto\command - G:\printer.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e86893a-13f8-11dc-a1bc-0001803e02a8}]
\Shell\AutoRun\command - G:\0u.cmd
\Shell\explore\Command - G:\0u.cmd
\Shell\open\Command - G:\0u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41b1cdaa-941d-11dc-a24d-0001803e02a8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bbfea65-a593-11dd-a40f-0001803e02a8}]
\Shell\AutoRun\command - idjx0e.exe
\Shell\explore\Command - idjx0e.exe
\Shell\open\Command - idjx0e.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7301fc3c-17ee-11dc-a1c5-0001803e02a8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{816f13aa-0b7b-11dd-a313-0001803e02a8}]
\Shell\AutoRun\command - G:\8de.bat
\Shell\explore\Command - G:\8de.bat
\Shell\open\Command - G:\8de.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88d00d91-0172-11dd-a302-0001803e02a8}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2267b9c-c803-11dc-a291-0001803e02a8}]
\Shell\AutoRun\command - G:\xn1i9x.com
\Shell\explore\Command - G:\xn1i9x.com
\Shell\open\Command - G:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf507848-1996-11dc-a1c8-0001803e02a8}]
\Shell\AutoRun\command - H:\abk.bat
\Shell\explore\Command - H:\abk.bat
\Shell\open\Command - H:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf507849-1996-11dc-a1c8-0001803e02a8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7b14e66-3921-11dd-a36b-0001803e02a8}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-11-24 c:\windows\Tasks\Advanced Registry Optimizer.job - c:\program files\Advanced Registry Optimizer\ARO.exe []
2008-11-24 c:\windows\Tasks\GoogleUpdateTaskUser.job - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 13:21]
2007-06-07 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nt4emrd3.default\
FF -: plugin - c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 08:25:03
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc25.tmp"
.
Heure de fin: 2008-11-25 8:26:31
ComboFix-quarantined-files.txt 2008-11-25 07:25:51
Avant-CF: 47 029 350 400 octets libres
Après-CF: 47,094,276,096 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

186 --- E O F --- 2007-11-30 16:38:41

Can someone tell me what I should do?