
Tiffany

Members
  • Content count: 1
Other information

  • My languages: French, English

Tiffany's achievements: Junior Member (3/12)

Community reputation: 0

  1. Here is my ComboFix report:

ComboFix 12-08-15.01 - Oliver 15/08/2012 15:54:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.2037.1516 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
 * A new restore point was created
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Oliver\Application Data\PriceGong
c:\documents and settings\Oliver\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Oliver\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Oliver\Recent\Thumbs.db
c:\program files\Internet Explorer\SET136.tmp
c:\program files\Internet Explorer\SET137.tmp
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\SET126.tmp
c:\windows\system32\SET127.tmp
c:\windows\system32\SET12B.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SET12D.tmp
c:\windows\system32\SET131.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET133.tmp
c:\windows\system32\SET137.tmp
c:\windows\system32\SET13F.tmp
c:\windows\system32\SET141.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET1A8.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET1AF.tmp
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1B5.tmp
c:\windows\system32\SET20B.tmp
c:\windows\system32\SET271.tmp
c:\windows\system32\SET41B.tmp
c:\windows\system32\SET422.tmp
c:\windows\system32\SET427.tmp
c:\windows\system32\SET47D.tmp
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET6.tmp
c:\windows\system32\SETBD.tmp
D:\install.exe
.
.
(((((((((((((((((((((((((((((   Files Created from 2012-07-15 to 2012-08-15   ))))))))))))))))))))))))))))))))))))
.
.
2012-08-15 19:45 . 2012-08-15 19:45 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D110DBF-9D07-4BD9-8054-69A0CF65409A}\MpKsl3a736272.sys
2012-08-08 03:08 . 2012-08-15 18:22 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D110DBF-9D07-4BD9-8054-69A0CF65409A}\offreg.dll
2012-07-24 00:41 . 2012-06-29 05:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D110DBF-9D07-4BD9-8054-69A0CF65409A}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 05:44 . 2009-11-25 22:18 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 13:55 . 2008-12-15 21:31 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-12-15 21:31 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-12-15 21:31 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-12-15 21:31 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 19:08 16408 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-12-15 13:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-12-15 13:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-12-15 13:47 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-12-15 21:31 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-12-15 13:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-12-15 13:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 19:08 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-10-16 19:07 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-12-15 13:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-12-15 13:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:19 . 2008-10-16 19:09 25112 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:18 . 2009-07-08 10:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2009-07-08 10:46 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2009-07-08 10:46 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-12-15 21:31 606208 ----a-w- c:\windows\system32\crypt32.dll
2012-05-31 03:41 . 2010-03-23 01:43 6762896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f2c43291-151e-499c-98a7-923c120b88fa}"= "c:\program files\PhotoJoy_US\prxtbPhot.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f2c43291-151e-499c-98a7-923c120b88fa}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-02-11 12:00 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2c43291-151e-499c-98a7-923c120b88fa}]
2011-05-09 09:49 176936 ----a-w- c:\program files\PhotoJoy_US\prxtbPhot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-02-11 3911776]
"{f2c43291-151e-499c-98a7-923c120b88fa}"= "c:\program files\PhotoJoy_US\prxtbPhot.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{f2c43291-151e-499c-98a7-923c120b88fa}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-02-11 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-15 396152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"Q-Face agent"="c:\program files\MSI\MSI Q-Face\webtest.exe" [2008-11-25 12288]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-10-09 688128]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-08 16862208]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Oliver\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Jack v1.9.6\\jackd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
.
R1 MpKsl3a736272;MpKsl3a736272;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D110DBF-9D07-4BD9-8054-69A0CF65409A}\MpKsl3a736272.sys [15/08/2012 3:45 PM 29904]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [15/12/2010 7:45 PM 42496]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [29/01/2007 2:40 AM 449408]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [15/12/2008 11:26 AM 156160]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [16/12/2008 5:33 PM 159744]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [15/12/2008 11:39 AM 704384]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3A736272
*NewlyCreated* - RASAUTO
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1593711260-3292781049-1587478411-1005Core.job
- c:\documents and settings\Oliver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-18 13:22]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1593711260-3292781049-1587478411-1005UA.job
- c:\documents and settings\Oliver\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-18 13:22]
.
2012-08-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_5_&babsrc=HP_ss&mntrId=24296855000000000000002185dfd9ff
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PhotoJoy - c:\program files\PhotoJoy\bin\PhotoJoy.exe
AddRemove-WinRAR archiver - c:\documents and settings\Oliver\Bureau\`\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-15 16:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-08-15 16:03:59
ComboFix-quarantined-files.txt 2012-08-15 20:03
.
Pre-Run: 9,143,218,176 bytes free
Post-Run: 10,336,608,256 bytes free
.
- - End Of File - - E2BF713C188157EE6C9C8D2953C69888
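The report above carries the indicators a responder triages before anything else: Security Center monitoring switched off, the Windows Firewall disabled for the standard profile, an IE start page pointing at search.babylon.com, Conduit and PhotoJoy modules registered as BHOs, toolbars and a URL search hook, and four DLLs in system32 carrying the system+hidden attribute bits. The script below is an added example written by the editor; it is not ComboFix's own logic and not code from the original post. It walks a ComboFix report line by line and pulls out exactly those indicators. The ADWARE_MARKERS list and the regexes describing ComboFix's line shapes are the editor's assumptions, and the sample input is an excerpt of the report above laid out one entry per line, as ComboFix writes it.

```python
"""Triage a ComboFix report for the indicators a responder checks first.

Added example (editor's code, not ComboFix's and not from the original
post).  ADWARE_MARKERS and the regexes are assumptions about line shapes.
"""
import re

# Directory/URL fragments of the adware families named in the report.
# Assumption: in practice this list comes from your own threat intel.
ADWARE_MARKERS = ("conduit", "pricegong", "photojoy", "babylon")

KEY_RE = re.compile(r"^\[(.+)\]$")                          # [HKLM\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]+)"')        # "Name"="path" [...]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
PLAIN_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')  # "X"= 0 (0x0)
# Find3M / BHO file lines: [created . ] modified size attrs path
FILE_RE = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. )?\d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(\d+) (\S{8}) (.+)$")
START_PAGE_RE = re.compile(r"^uStart Page = (\S+)$")

# Constructed sample input: an excerpt of the report above, one entry per line.
SAMPLE_REPORT = r"""
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2012-06-13 13:55 . 2008-12-15 21:31 1866240 ----a-w- c:\windows\system32\win32k.sys
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f2c43291-151e-499c-98a7-923c120b88fa}"= "c:\program files\PhotoJoy_US\prxtbPhot.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-02-11 12:00 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-15 396152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=060612_5_&babsrc=HP_ss&mntrId=24296855000000000000002185dfd9ff
"""


def _adware(path_or_url: str) -> bool:
    p = path_or_url.lower()
    return any(marker in p for marker in ADWARE_MARKERS)


def triage(report: str) -> dict:
    """Walk the report line by line and bucket the indicators by category."""
    f = {"disabled_controls": [], "hijacks": [],
         "suspicious_autoruns": [], "hidden_system_files": []}
    key = ""  # registry key whose values are currently being listed
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separator lines
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = DWORD_RE.match(line)
        if (m and "security center\\monitoring" in key
                and m.group(1) == "DisableMonitoring" and int(m.group(2), 16)):
            f["disabled_controls"].append("SecurityCenter monitoring off: " + key)
            continue
        m = PLAIN_RE.match(line)
        if (m and "firewallpolicy" in key
                and m.group(1) == "EnableFirewall" and m.group(2) == "0"):
            f["disabled_controls"].append("Windows Firewall off: " + key)
            continue
        m = START_PAGE_RE.match(line)
        if m:
            url = m.group(1).replace("hxxp", "http", 1)  # ComboFix defangs URLs
            if _adware(url):
                f["hijacks"].append(url)
            continue
        m = VALUE_RE.match(line)
        if m and _adware(m.group(2)):        # Run / Toolbar / URLSearchHooks values
            f["suspicious_autoruns"].append((m.group(1), m.group(2)))
            continue
        m = FILE_RE.match(line)
        if m:
            size, attrs, path = int(m.group(1)), m.group(2), m.group(3)
            if _adware(path):                # e.g. a BHO module listed under its key
                f["suspicious_autoruns"].append((key or "file", path))
            if ("s" in attrs and "h" in attrs
                    and path.lower().startswith("c:\\windows\\system32\\")):
                f["hidden_system_files"].append((path, size))
    return f


if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(category, *items, sep="\n    ")
```

Feed it a full report with `triage(open("ComboFix.txt", encoding="latin-1").read())`. On the excerpt it reports the two disabled controls, the Babylon start page, the PhotoJoy search hook and the Conduit BHO, and flags flvDX.dll: a system+hidden DLL in system32 is unusual enough to warrant hashing the file and checking its signer, whatever it turns out to be.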