tatzumi

Members

Hello, I would like to know whether it is possible to analyse my ComboFix report to find out whether my PC is still infected. Thanks, tatzumi

ComboFix 10-03-17.01 - steve 17/03/2010 21:32:42.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1024.650 [GMT 1:00]
Lancé depuis: c:\documents and settings\steve\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100317-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-17 au 2010-03-17 ))))))))))))))))))))))))))))))))))))
.
2010-03-08 22:27 . 2010-03-08 22:27 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2010-03-08 22:27 . 2010-03-08 22:27 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2010-03-08 21:21 . 2010-03-08 21:21 -------- d-----w- c:\documents and settings\steve\Application Data\Malwarebytes
2010-03-08 21:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 21:21 . 2010-03-08 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-08 21:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-08 21:21 . 2010-03-08 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-08 21:14 . 2010-03-08 21:14 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-03-06 11:52 . 2010-03-06 11:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-05 11:46 . 2008-04-13 10:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-05 11:46 . 2008-04-13 10:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-05 11:46 . 2008-04-13 10:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-05 11:46 . 2008-04-13 10:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-05 11:26 . 2008-04-13 10:41 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-05 11:26 . 2008-04-13 10:41 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-02 18:27 . 2010-03-03 22:26 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\CygniCon
2010-03-02 18:25 . 2010-03-02 18:25 -------- d-----w- c:\program files\Fichiers communs\DWGdirectX 2.5
2010-03-02 18:25 . 2010-03-02 18:25 -------- d-----w- c:\program files\Open Design Alliance
2010-03-02 18:25 . 2003-05-28 00:11 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-03-02 18:25 . 2010-03-02 18:25 -------- d-----w- c:\documents and settings\steve\Application Data\Anuman Interactive
2010-03-02 18:25 . 2008-03-05 18:07 348160 ----a-w- c:\documents and settings\steve\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
2010-03-02 18:23 . 2008-05-08 11:37 2741248 ----a-w- c:\windows\system32\CyViewer.dll
2010-03-02 18:23 . 2006-09-26 06:44 62464 ----a-w- c:\windows\system32\sevLock.dll
2010-03-02 18:08 . 2010-03-02 18:08 -------- d-----w- c:\program files\Anuman Interactive
2010-02-22 20:30 . 2010-02-22 20:30 -------- d-sh--w- c:\documents and settings\sylvie\IETldCache
2010-02-22 19:37 . 2010-02-22 19:37 -------- d-sh--w- c:\documents and settings\zoe\IETldCache
2010-02-22 19:18 . 2010-02-22 19:18 -------- d-sh--w- c:\documents and settings\steve\IETldCache
2010-02-22 16:45 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-22 16:44 . 2010-02-24 15:32 -------- d-----w- c:\windows\ie8updates
2010-02-22 16:44 . 2009-12-21 19:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-22 16:44 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-22 16:44 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-22 16:44 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-22 16:44 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-22 16:44 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-22 16:42 . 2010-02-22 16:43 -------- dc-h--w- c:\windows\ie8
2010-02-18 13:57 . 2010-02-18 13:57 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-18 13:55 . 2010-02-18 13:56 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-18 13:55 . 2010-02-18 13:55 -------- d-----w- c:\windows\system32\LogFiles
2010-02-17 18:25 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system32\WING32.DLL
2010-02-17 18:16 . 2010-02-17 18:16 -------- d-----w- C:\INFOGRAM
2010-02-17 18:16 . 1996-05-09 12:53 34800 ----a-w- c:\windows\Unwise.exe
2010-02-17 18:16 . 1994-09-21 00:00 92208 ----a-w- c:\windows\system\WING.DLL
2010-02-17 18:16 . 1994-09-21 00:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2010-02-17 18:16 . 1994-09-21 00:00 12800 ----a-w- c:\windows\system\WING32.DLL
2010-02-17 18:16 . 1994-08-24 00:00 188960 ----a-w- c:\windows\system\WINGDE.DLL
2010-02-17 18:05 . 2010-02-17 18:05 -------- d-----w- C:\hegames
2010-02-17 17:10 . 2010-02-17 17:10 -------- d-----w- c:\program files\directx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 18:24 . 2009-06-12 18:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-11 10:13 . 2009-11-30 22:16 79488 ----a-w- c:\documents and settings\sylvie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 20:56 . 2009-12-05 11:55 79488 ----a-w- c:\documents and settings\steve\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 14:00 . 2010-03-10 14:00 -------- d-----w- c:\documents and settings\sylvie\Application Data\Malwarebytes
2010-03-08 22:27 . 2009-06-10 20:57 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-03-05 13:48 . 2010-03-05 13:48 16 ----a-w- c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
2010-03-01 17:48 . 2010-01-13 16:10 79488 ----a-w- c:\documents and settings\zoe\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-01 14:04 . 2009-10-01 16:33 -------- d-----w- c:\program files\McDonaldsFairies
2010-02-17 18:05 . 2010-02-17 18:05 4 ----a-w- C:\timestmp.tmp
2010-02-17 18:02 . 2009-09-03 16:50 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-02-17 18:02 . 2009-09-03 16:50 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-02-17 18:02 . 2009-09-03 16:50 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-02-17 15:23 . 2009-07-30 08:27 1 ----a-w- c:\documents and settings\sylvie\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-27 21:22 . 2009-10-07 19:17 -------- d-----w- c:\documents and settings\steve\Application Data\vlc
2010-01-13 16:04 . 2009-08-03 09:56 21984 ----a-w- c:\documents and settings\zoe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 23:34 . 2001-08-28 12:00 84526 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-09 23:34 . 2001-08-28 12:00 510324 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-09 13:03 . 2009-06-15 19:39 21984 ----a-w- c:\documents and settings\sylvie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 19:56 . 2009-06-15 18:07 21984 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2001-08-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2002-08-29 09:45 916480 ----a-w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-05-02 49152]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"nwiz"="nwiz.exe" [2003-05-02 323584]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-19 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\sylvie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=c:\windows\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 10:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-08-03 10:06 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [10/06/2009 21:53 77056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/06/2009 21:04 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14/08/2002 14:11 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/12/2009 17:50 20560]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.mini20.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\ombg5i3c.default\
FF - prefs.js: browser.startup.homepage - hxxp://portail.free.fr/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-09905932 - c:\docume~1\ALLUSE~1\APPLIC~1\09905932\09905932.exe
AddRemove-SmurfEd - c:\infogram\SMURFED\UNWISE.EXE

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 21:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-03-17 21:38:33
ComboFix-quarantined-files.txt 2010-03-17 20:38

Avant-CF: 38 794 412 032 octets libres
Après-CF: 39 317 352 448 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

- - End Of File - - A7D7C340CC29DBF30A4478FD65B7D30C