porriez vous maider a interprété le resultat du log de combofix

[tunisiano]

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Invité\Application Data\ShoppingReport

C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\Config.xml

C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\Invité\Application Data\ShoppingReport\cs\res2\WhiteList.dbs

C:\Documents and Settings\Invité\Application Data\urlredir.cfg

C:\Documents and Settings\mani\Application Data\ShoppingReport

C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\Config.xml

C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\res2\WhiteList.dbs

C:\Documents and Settings\mani\Application Data\urlredir.cfg

C:\Documents and Settings\mani\Mes documents\My Documents.url

C:\Documents and Settings\WALID\Application Data\ShoppingReport

C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\Config.xml

C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\WALID\Application Data\ShoppingReport\cs\res1\WhiteList.dbs

C:\Documents and Settings\WALID\Application Data\urlredir.cfg

C:\Program Files\AAV

C:\Program Files\AAV\aav.ooo

C:\Program Files\AAV\aav1.dat

C:\Program Files\Applications\iebr.dll

C:\Program Files\Applications\iebt.dll

C:\Program Files\Applications\iebu.exe

C:\Program Files\Applications\myd.ico

C:\Program Files\Applications\mym.ico

C:\Program Files\Applications\myp.ico

C:\Program Files\Applications\myv.ico

C:\Program Files\Applications\ot.ico

C:\Program Files\Applications\ts.ico

C:\Program Files\Dcads Advanced Toolbar

C:\Program Files\Dcads Advanced Toolbar\buttons.xml

C:\Program Files\Dcads Advanced Toolbar\search.xml

C:\Program Files\Dcads Advanced Toolbar\toolbar.dll

C:\Program Files\Dcads Advanced Toolbar\uninstall.exe

C:\Program Files\ShoppingReport

C:\Program Files\ShoppingReport\Uninst.exe

C:\WINDOWS\cookies.ini

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\_006574_.tmp.dll

C:\WINDOWS\system32\_006575_.tmp.dll

C:\WINDOWS\system32\_006576_.tmp.dll

C:\WINDOWS\system32\_006577_.tmp.dll

C:\WINDOWS\system32\_006584_.tmp.dll

C:\WINDOWS\system32\_006585_.tmp.dll

C:\WINDOWS\system32\_006586_.tmp.dll

C:\WINDOWS\system32\_006587_.tmp.dll

C:\WINDOWS\system32\_006589_.tmp.dll

C:\WINDOWS\system32\_006590_.tmp.dll

C:\WINDOWS\system32\_006593_.tmp.dll

C:\WINDOWS\system32\_006594_.tmp.dll

C:\WINDOWS\system32\_006596_.tmp.dll

C:\WINDOWS\system32\_006597_.tmp.dll

C:\WINDOWS\system32\_006598_.tmp.dll

C:\WINDOWS\system32\_006600_.tmp.dll

C:\WINDOWS\system32\_006603_.tmp.dll

C:\WINDOWS\system32\_006604_.tmp.dll

C:\WINDOWS\system32\_006608_.tmp.dll

C:\WINDOWS\system32\_006609_.tmp.dll

C:\WINDOWS\system32\_006611_.tmp.dll

C:\WINDOWS\system32\_006614_.tmp.dll

C:\WINDOWS\system32\_006616_.tmp.dll

C:\WINDOWS\system32\_006617_.tmp.dll

C:\WINDOWS\system32\_006618_.tmp.dll

C:\WINDOWS\system32\_006619_.tmp.dll

C:\WINDOWS\system32\_006620_.tmp.dll

C:\WINDOWS\system32\_006623_.tmp.dll

C:\WINDOWS\system32\_006624_.tmp.dll

C:\WINDOWS\system32\_006625_.tmp.dll

C:\WINDOWS\system32\_006626_.tmp.dll

C:\WINDOWS\system32\_006627_.tmp.dll

C:\WINDOWS\system32\_006632_.tmp.dll

C:\WINDOWS\system32\_006634_.tmp.dll

C:\WINDOWS\system32\adssitesuggest.dll

C:\WINDOWS\system32\dcads-remove.exe

C:\WINDOWS\system32\dcads_sidebar_uninstall.exe

C:\WINDOWS\system32\DcadsSocial-uninstall.exe

C:\WINDOWS\system32\dcadssuggest.dll

C:\WINDOWS\system32\msssc.dll

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

C:\WINDOWS\system32\superiorads-uninst.exe

C:\WINDOWS\system32\wav.cpl

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-18 au 2008-10-18 ))))))))))))))))))))))))))))))))))))

.

 

2008-10-17 21:17 . 2008-10-17 21:17 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-10-17 21:08 . 2008-10-17 21:18 <REP> d-------- C:\Program Files\Lavasoft

2008-10-17 21:08 . 2008-10-17 21:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-10-17 20:15 . 2008-10-17 21:08 <REP> d-------- C:\Program Files\Spyware Doctor

2008-10-17 20:11 . 2008-10-17 20:11 <REP> d-------- C:\Documents and Settings\WALID\Application Data\PC Tools

2008-10-17 20:07 . 2008-10-17 20:07 <REP> d-------- C:\Program Files\WAV

2008-10-17 17:58 . 2008-10-17 18:08 <REP> d-------- C:\WINDOWS\system32\fr-fr

2008-10-17 17:58 . 2008-10-17 18:08 <REP> d-------- C:\WINDOWS\system32\fr

2008-10-17 17:58 . 2008-10-17 18:08 <REP> d-------- C:\WINDOWS\l2schemas

2008-10-17 17:45 . 2007-10-25 18:56 8,510,976 --a------ C:\WINDOWS\system32\dllcache\shell32.dll

2008-10-17 17:44 . 2008-08-14 15:44 2,182,400 --a------ C:\WINDOWS\system32\ntoskrnl.exe

2008-10-16 23:40 . 2008-10-18 17:59 <REP> d-------- C:\Program Files\Applications

2008-10-16 23:31 . 2008-10-16 23:34 79,085 --a------ C:\WINDOWS\system32\smeitkofqliadkt.exe

2008-10-15 18:56 . 2008-10-15 18:56 385 --a------ C:\WINDOWS\ODBC.INI

2008-10-15 18:55 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-10-15 18:53 . 2008-10-15 18:54 <REP> d-------- C:\WINDOWS\SHELLNEW

2008-10-15 18:53 . 2008-10-15 18:53 <REP> d-------- C:\Program Files\Microsoft.NET

2008-10-15 17:58 . 2006-08-23 12:10 2,300,928 --a------ C:\WINDOWS\system32\qtp-mt334.dll

2008-10-15 17:58 . 2006-08-23 12:10 30,808 --a------ C:\WINDOWS\system32\drivers\hotcore2.sys

2008-10-15 17:58 . 2006-08-23 12:10 5,632 --a------ C:\WINDOWS\system32\wnaspi32.dll

2008-10-14 23:22 . 2008-10-18 14:32 1,393 --a------ C:\WINDOWS\imsins.BAK

2008-10-13 19:27 . 2001-08-23 17:47 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2008-10-13 19:27 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll

2008-10-13 19:27 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll

2008-10-13 19:27 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll

2008-10-13 19:27 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll

2008-10-13 19:27 . 2001-08-17 22:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

2008-10-12 19:00 . 2008-10-18 15:35 1,417 --a------ C:\WINDOWS\mgutil_reg.ini

2008-10-12 18:02 . 2008-10-18 15:27 173 --a------ C:\WINDOWS\mgutil_win.ini

2008-10-12 18:01 . 2008-10-18 15:26 <REP> d-------- C:\Program Files\Mgutil

2008-10-08 20:42 . 2008-10-08 20:42 <REP> d-------- C:\Documents and Settings\Invité\Application Data\OpenOffice.org2

2008-10-07 19:02 . 2008-10-07 19:03 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-06 17:08 . 2008-10-06 17:08 <REP> d-------- C:\Program Files\SuperCopier2

2008-10-04 19:18 . 2008-04-14 04:33 8,517,632 --a------ C:\WINDOWS\system32\SET58FC.tmp

2008-10-04 19:17 . 2008-04-14 04:33 3,066,880 --a------ C:\WINDOWS\system32\SET59E7.tmp

2008-10-04 19:16 . 2008-04-14 04:33 1,267,200 --a------ C:\WINDOWS\system32\SET5B14.tmp

2008-10-04 19:15 . 2008-04-14 04:33 193,536 --a------ C:\WINDOWS\system32\SET5B62.tmp

2008-10-04 19:15 . 2008-04-14 04:33 98,304 --a------ C:\WINDOWS\system32\SET5B60.tmp

2008-10-04 12:19 . 2005-09-20 09:36 147,456 --a------ C:\WINDOWS\system32\igfxres.dll

2008-10-03 23:27 . 2008-10-03 23:47 <REP> d-------- C:\WINDOWS\system32\NtmsData

2008-10-03 22:53 . 2008-10-03 22:53 <REP> d-------- C:\Program Files\LG Electronics

2008-10-03 22:53 . 2007-07-11 10:45 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2008-10-03 22:53 . 2007-07-11 15:51 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys

2008-10-03 22:53 . 2007-07-11 10:40 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2008-10-03 22:47 . 2008-10-03 22:48 <REP> d-------- C:\Program Files\LG PC Suite 2

2008-10-03 22:45 . 2008-10-03 22:45 <REP> d-------- C:\Documents and Settings\WALID\Application Data\InstallShield

2008-10-03 22:04 . 2008-10-03 22:04 <REP> d-------- C:\Program Files\Microsoft Silverlight

2008-10-02 20:13 . 2008-10-02 20:16 <REP> d-------- C:\Program Files\Macromedia

2008-10-02 20:13 . 2008-10-09 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia

2008-09-29 11:38 . 2008-09-29 11:38 <REP> d-------- C:\Program Files\Bonjour

2008-09-29 11:23 . 2008-09-29 11:23 <REP> d-------- C:\Program Files\Safari

2008-09-28 12:38 . 2008-09-29 11:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-09-28 12:38 . 2008-09-28 12:38 1,409 --a------ C:\WINDOWS\QTFont.for

2008-09-28 12:27 . 2008-09-28 12:27 <REP> d-------- C:\Program Files\Blender Foundation

2008-09-21 23:45 . 2008-09-21 23:45 <REP> d-------- C:\Program Files\PC Drivers HeadQuarters

2008-09-21 23:45 . 2008-09-21 23:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters

2008-09-21 16:34 . 2008-09-21 16:34 <REP> d-------- C:\Documents and Settings\WALID\Application Data\Leadertech

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-18 15:36 --------- d-----w C:\Documents and Settings\WALID\Application Data\Azureus

2008-10-17 20:51 --------- d-----w C:\Program Files\eMule

2008-10-17 19:08 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-10-17 17:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater

2008-10-16 21:34 15,360 --s-a-w C:\WINDOWS\system32\bmztmss.dll

2008-10-13 11:40 --------- d-----w C:\Documents and Settings\WALID\Application Data\OpenOffice.org2

2008-10-11 12:26 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-08 14:08 --------- d-----w C:\Documents and Settings\mani\Application Data\LimeWire

2008-10-08 14:07 --------- d-----w C:\Documents and Settings\mani\Application Data\Azureus

2008-10-07 17:03 --------- d-----w C:\Program Files\iTunes

2008-10-07 17:02 --------- d-----w C:\Program Files\iPod

2008-10-06 17:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-10-03 20:58 --------- d-----w C:\Program Files\Picasa2

2008-10-01 11:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-09-29 23:01 --------- d-----w C:\Documents and Settings\WALID\Application Data\Apple Computer

2008-09-29 10:45 --------- d-----w C:\Program Files\Apple Software Update

2008-09-29 09:38 --------- d-----w C:\Program Files\QuickTime

2008-09-29 09:37 --------- d-----w C:\Program Files\Fichiers communs\Apple

2008-09-27 20:39 --------- d-----w C:\Documents and Settings\WALID\Application Data\Ahead

2008-09-27 11:34 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-24 19:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!

2008-09-15 22:15 --------- d-----r C:\Documents and Settings\WALID\Application Data\Brother

2008-09-15 21:09 --------- d-----w C:\Documents and Settings\WALID\Application Data\Creative

2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-09-13 20:37 --------- d-----w C:\Program Files\Nuclear Coffee

2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys

2008-08-14 13:44 2,182,400 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-08-14 13:44 2,138,112 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-14 13:44 2,059,776 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-08-14 13:44 2,017,792 ----a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-07-31 09:50 3,082 ----a-w C:\WINDOWS\system32\affv9553p4now.sys

2008-07-31 09:36 3,532 ----a-w C:\drmHeader.bin

2008-07-25 13:23 237,568 ----a-w C:\WINDOWS\system32\TubeFinder.exe

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR

2007-12-27 00:26 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-22 5724184]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{fef6ace8-bb45-4009-8342-63415164d691}"= "C:\WINDOWS\system32\bmztmss.dll" [2008-10-16 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"VIDC.ACDV"= ACDV.dll

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\messenger\\msmsgs.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\WINDOWS\\system32\\muzapp.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=

"C:\\Program Files\\EasyPHP\\mysql\\bin\\mysqld-nt.exe"=

"C:\\Program Files\\EasyPHP\\apache\\Apache.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3333:TCP"= 3333:TCP:svchost

"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)

"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

 

R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\DRIVERS\MUsbFltr.syS []

R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\DRIVERS\UsbFltr.syS []

R3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

R3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

R3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 08:04]

S0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-08-23 12:10]

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\DRIVERS\aswSP.syS [2008-07-19 16:35]

S1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\kbfilter.syS [2003-03-27 14:55]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

S3 P0870Dev;Creative WebCam Live! Motion;C:\WINDOWS\system32\DRIVERS\P0870Dev.sys [2005-06-29 19:00]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - ta2.cmd

\Shell\explore\Command - ta2.cmd

\Shell\open\Command - ta2.cmd

.

Contenu du dossier 'Tâches planifiées'

 

2008-10-18 C:\WINDOWS\Tasks\A8D6E79A93619F82.job

- c:\docume~1\mani\applic~1\1store~1\objopenatom.exe []

 

2008-10-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2008-10-18 C:\WINDOWS\Tasks\RegCure Program Check.job

- C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21]

 

2008-10-16 C:\WINDOWS\Tasks\RegCure.job

- C:\Program Files\RegCure\RegCure.exe [2008-04-21 23:21]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-lbnarcxjihw - C:\WINDOWS\system32\ovxrgsxxbncbub.dll

HKLM-Run-ANTIVIRUS - C:\Program Files\AAV\aav.exe

HKLM-Run-Ad-Watch - C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

HKLM-Explorer_Run-smile - C:\Program Files\Applications\wcs.exe

Notify-dimsntfy - (no file)

 

 

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Documents and Settings\WALID\Application Data\Mozilla\Firefox\Profiles\wu0c160t.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr-fr.facebook.com/

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-18 18:01:27

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\DOCUME~1\WALID\LOCALS~1\Temp\mc23.tmp"

.

------------------------ Autres processus actifs ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\igfxsrvc.exe

.

[Falkra]

** Bonsoir, **

 

c'était pour... ?

 

Combofix ne doit pas être utilisé sans supervision, c'est dangereux, tout simplement...