I can't find how to send the log as an attachment, so I'm copying and pasting it for you :P

If you could help me find out whether everything has been properly disinfected or, if not, what I still need to do. Thanks in advance... have a nice day, everyone. :P

ComboFix 09-09-18.02 - PEREIRA 20/09/2009 14:17.1.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.238 [GMT 2:00]

Lancé depuis: c:\documents and settings\PEREIRA\Bureau\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\PEREIRA\Application Data\.#

c:\documents and settings\PEREIRA\Application Data\.#\MBX@624@394180.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@624@3941B0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@624@3941E0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@8C@394180.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@8C@3941B0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@8C@3941E0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@A64@394180.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@A64@3941B0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@A64@3941E0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@EFC@394180.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@EFC@3941B0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@EFC@3941E0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@F30@394180.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@F30@3941B0.###

c:\documents and settings\PEREIRA\Application Data\.#\MBX@F30@3941E0.###

c:\documents and settings\PEREIRA\Application Data\MessengerSkinner

c:\documents and settings\PEREIRA\Application Data\MessengerSkinner\Userdata\languages_v2.xml

c:\documents and settings\PEREIRA\Application Data\MessengerSkinner\Userdata\pack1.cab

c:\documents and settings\PEREIRA\new.txt

c:\program files\QUAD Utilities

c:\recycler\S-1-5-21-4001650603-3033728187-3901433188-1003

c:\windows\Installer\13ef612.msp

c:\windows\Installer\142ab72.msp

c:\windows\Installer\142ab73.msp

c:\windows\Installer\142ab74.msp

c:\windows\Installer\142ab75.msp

c:\windows\Installer\142ab76.msp

c:\windows\Installer\142ab77.msp

c:\windows\Installer\142ab78.msp

c:\windows\Installer\142ab79.msp

c:\windows\Installer\142ab7a.msp

c:\windows\Installer\149bc47.msp

c:\windows\Installer\149bc48.msp

c:\windows\Installer\149bc49.msp

c:\windows\Installer\149bc4a.msp

c:\windows\Installer\149bc4b.msp

c:\windows\Installer\149bc4c.msp

c:\windows\Installer\149bc4d.msp

c:\windows\Installer\149bc4e.msp

c:\windows\Installer\149bc4f.msp

c:\windows\Installer\149bc50.msp

c:\windows\Installer\14c9e5d.msp

c:\windows\Installer\14c9e68.msp

c:\windows\Installer\14c9e74.msp

c:\windows\Installer\260e118.msp

c:\windows\Installer\260e119.msp

c:\windows\Installer\260e11a.msp

c:\windows\Installer\260e11b.msp

c:\windows\Installer\260e11c.msp

c:\windows\Installer\2f63b3.msp

c:\windows\Installer\2f63b4.msp

c:\windows\Installer\2f63b5.msp

c:\windows\Installer\2f63b6.msp

c:\windows\Installer\2f63b7.msp

c:\windows\Installer\2f63b8.msp

c:\windows\Installer\2f63b9.msp

c:\windows\Installer\2f63ba.msp

c:\windows\Installer\2f63bb.msp

c:\windows\Installer\3410d32.msp

c:\windows\Installer\3410d3b.msp

c:\windows\Installer\3410d44.msp

c:\windows\Installer\3410d4e.msp

c:\windows\Installer\3410d57.msp

c:\windows\Installer\3410d61.msp

c:\windows\Installer\3410d6a.msp

c:\windows\Installer\3410d73.msp

c:\windows\Installer\35c47a6.msp

c:\windows\Installer\37791dc.msp

c:\windows\Installer\3a27c2.msp

c:\windows\Installer\3a27c3.msp

c:\windows\Installer\3a27c4.msp

c:\windows\Installer\3a27c5.msp

c:\windows\Installer\3a27c6.msp

c:\windows\Installer\3a27c7.msp

c:\windows\Installer\3a27c8.msp

c:\windows\Installer\3a27c9.msp

c:\windows\Installer\3a27ca.msp

c:\windows\Installer\3a27cb.msp

c:\windows\Installer\4fde02.msp

c:\windows\Installer\4fde0b.msp

c:\windows\Installer\4fde15.msp

c:\windows\Installer\4fde1e.msp

c:\windows\Installer\4fde31.msp

c:\windows\Installer\4fde3b.msp

c:\windows\Installer\4fde44.msp

c:\windows\Installer\4fde4d.msp

c:\windows\Installer\4fde56.msp

c:\windows\Installer\619aec.msp

c:\windows\Installer\664a4.msp

c:\windows\Installer\6ef13.msp

c:\windows\pack.epk

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\drivers\eicon.txt

c:\windows\system32\win.ini

E:\AUTORUN.INF

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-20 au 2009-09-20 ))))))))))))))))))))))))))))))))))))

.

 

2009-09-19 16:58 . 2009-09-19 16:58 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\ESET

2009-09-19 16:55 . 2009-09-19 16:55 -------- d-----w- c:\program files\ESET

2009-09-19 16:55 . 2009-09-19 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-09-19 12:48 . 2009-09-19 12:48 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\Canneverbe_Limited

2009-09-19 12:48 . 2009-09-19 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited

2009-09-19 12:48 . 2009-09-19 12:48 -------- d-----w- c:\program files\CDBurnerXP

2009-09-18 18:27 . 2009-09-19 13:18 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-16 15:43 . 2001-08-23 15:47 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-09-16 15:43 . 2008-04-14 02:33 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-09-13 11:16 . 2009-09-13 11:17 -------- d--h--w- c:\windows\ie8

2009-09-13 07:32 . 2009-09-13 11:16 -------- d-----w- C:\ee4df3e869c8cf225c0698e5191e35

2009-09-10 20:45 . 2009-09-10 20:45 -------- d-----w- c:\documents and settings\Administrateur.ORDIPEREIRA\IECompatCache

2009-09-10 20:37 . 2009-09-13 22:40 -------- d-----w- c:\documents and settings\Administrateur.ORDIPEREIRA\Tracing

2009-09-09 20:00 . 2009-09-09 20:00 -------- d-sh--w- c:\documents and settings\Administrateur.ORDIPEREIRA\PrivacIE

2009-09-09 09:56 . 2009-09-09 09:56 -------- d-----w- c:\windows\system32\wbem\Repository

2009-09-09 09:55 . 2009-09-09 09:55 -------- d-----w- c:\documents and settings\PEREIRA\Local Settings\Application Data\PC_Drivers_Headquarters

2009-09-09 09:52 . 2009-09-09 09:52 -------- d-----w- C:\i386

2009-09-09 09:52 . 2009-09-17 18:32 -------- d-----w- C:\1a73da58bfa72de9b4527d

2009-09-09 06:58 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2009-09-08 21:05 . 2009-09-08 21:05 -------- d-----w- c:\documents and settings\Administrateur\PrivacIE

2009-09-08 21:05 . 2009-09-08 21:05 -------- d-----w- c:\documents and settings\Administrateur\IETldCache

2009-08-29 23:52 . 2009-08-29 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2009-08-29 23:52 . 2009-08-29 23:52 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2009-08-29 23:51 . 2009-08-29 23:51 -------- d-----w- c:\documents and settings\PEREIRA\Local Settings\Application Data\Downloaded Installations

2009-08-29 23:49 . 2009-09-09 09:18 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\GetRightToGo

2009-08-29 23:44 . 2009-08-29 23:44 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\Uniblue

2009-08-21 19:42 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-21 19:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-21 19:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-21 19:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-21 19:42 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-21 19:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-21 19:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-21 16:35 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-08-21 16:34 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-08-21 16:33 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-08-21 16:30 . 2009-06-29 15:57 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-18 17:47 . 2007-05-10 09:59 -------- d-----w- c:\program files\Java

2009-09-19 17:21 . 2004-08-16 15:41 657422 ----a-w- c:\windows\system32\perfh00C.dat

2009-09-19 17:21 . 2004-08-16 15:41 134750 ----a-w- c:\windows\system32\perfc00C.dat

2009-09-19 08:17 . 2007-05-10 12:20 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\OpenOffice.org2

2009-09-18 22:25 . 2009-02-07 15:23 -------- d-----w- c:\program files\Pogo FR

2009-09-16 18:12 . 2008-01-26 19:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-15 17:29 . 2007-05-10 10:33 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\Skype

2009-09-15 14:08 . 2008-03-27 17:21 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\skypePM

2009-09-09 17:02 . 2009-02-24 09:11 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 09:56 . 2008-07-25 16:33 -------- d-----w- c:\program files\FreeGamePick.com

2009-09-09 09:55 . 2007-07-03 17:19 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-09 09:49 . 2007-05-17 18:58 -------- d-----w- c:\program files\epson

2009-09-09 09:48 . 2007-05-10 09:55 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-09 09:48 . 2009-02-15 14:59 -------- d-----w- c:\program files\Zylom Games

2009-09-09 09:48 . 2009-02-06 16:21 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\Zylom

2009-09-09 09:47 . 2009-01-10 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-09-09 09:47 . 2007-05-10 10:04 -------- d-----w- c:\program files\QuickTime

2009-09-09 09:18 . 2008-10-29 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-09-08 21:32 . 2007-05-23 16:31 -------- d-----w- c:\program files\Web Publish

2009-09-08 19:38 . 2007-05-10 10:25 64400 ----a-w- c:\documents and settings\PEREIRA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-08 11:07 . 2009-08-01 20:12 -------- d-----w- c:\documents and settings\PEREIRA\Application Data\BitTorrent

2009-08-08 06:52 . 2009-08-08 06:52 -------- d-----w- c:\program files\MSBuild

2009-08-08 06:51 . 2009-08-08 06:51 -------- d-----w- c:\program files\Reference Assemblies

2009-08-05 09:00 . 2004-08-16 15:40 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-29 04:35 . 2004-08-16 15:41 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-29 04:35 . 2004-08-16 15:40 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-19 13:29 . 2009-08-21 16:30 3597824 ----a-w- c:\windows\system32\SETBE.tmp

2009-07-19 13:29 . 2009-08-21 16:30 3597824 ----a-w- c:\windows\system32\SET91.tmp

2009-07-19 13:29 . 2009-08-21 16:30 3597824 ----a-w- c:\windows\system32\SET5E.tmp

2009-07-19 13:29 . 2009-08-21 16:30 3597824 ----a-w- c:\windows\system32\SET24.tmp

2009-07-19 13:29 . 2009-07-19 13:29 3597824 ----a-w- c:\windows\system32\SET4C.tmp

2009-07-19 13:29 . 2009-08-21 16:30 6067200 ----a-w- c:\windows\system32\SETAD.tmp

2009-07-19 13:29 . 2009-08-21 16:30 6067200 ----a-w- c:\windows\system32\SET80.tmp

2009-07-19 13:29 . 2009-08-21 16:30 6067200 ----a-w- c:\windows\system32\SET42.tmp

2009-07-19 13:29 . 2009-08-21 16:30 6067200 ----a-w- c:\windows\system32\SET13.tmp

2009-07-19 13:29 . 2009-07-19 13:29 6067200 ----a-w- c:\windows\system32\SET54.tmp

2009-07-17 19:03 . 2009-07-17 19:03 58880 ----a-w- c:\windows\system32\SET3F.tmp

2009-07-17 19:03 . 2004-08-16 15:39 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 19:03 . 2004-08-16 15:39 58880 ----a-w- c:\windows\system32\atl(2)(2).dll

2009-07-13 21:43 . 2004-08-16 15:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 21:43 . 2004-08-16 15:41 10841088 ----a-w- c:\windows\system32\wmp(2)(2).dll

2009-07-03 16:57 . 2004-08-16 15:41 915456 ------w- c:\windows\system32\wininet.dll

2009-06-29 11:07 . 2009-08-21 16:30 70656 ----a-w- c:\windows\system32\SETD.tmp

2009-06-29 11:07 . 2009-08-21 16:30 70656 ----a-w- c:\windows\system32\SETA7.tmp

2009-06-29 11:07 . 2009-08-21 16:30 70656 ----a-w- c:\windows\system32\SET7A.tmp

2009-06-29 11:07 . 2009-08-21 16:30 70656 ----a-w- c:\windows\system32\SET3B.tmp

2009-06-29 08:33 . 2009-08-21 16:30 161792 ----a-w- c:\windows\system32\SETAA.tmp

2009-06-29 08:33 . 2009-08-21 16:30 161792 ----a-w- c:\windows\system32\SET7D.tmp

2009-06-29 08:33 . 2009-08-21 16:30 161792 ----a-w- c:\windows\system32\SET3E.tmp

2009-06-29 08:33 . 2009-08-21 16:30 161792 ----a-w- c:\windows\system32\SET10.tmp

2009-06-25 08:26 . 2004-08-16 15:41 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:26 . 2004-08-16 15:41 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:26 . 2004-08-16 15:41 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:26 . 2004-08-16 15:40 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:26 . 2004-08-16 15:40 736768 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:26 . 2004-08-16 15:40 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-16 15:40 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2008-04-23 20:54 . 2008-04-23 20:54 0 -c--a-w- c:\program files\temp01

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-13 2046120]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-08-17 90112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\APPS\\Inventime\\my.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [13/02/2009 13:07 106208]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [13/02/2009 13:07 727720]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [24/02/2009 11:10 55152]

R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [10/05/2007 11:52 11279]

S2 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [10/05/2007 11:52 11279]

S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contenu du dossier 'Tâches planifiées'

 

2009-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2007-05-10 c:\windows\Tasks\Rappel d'enregistrement 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 02:34]

 

2009-09-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 09:25]

 

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{94F7684D-54CD-4299-9DBF-472EE9CDC66D}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

FF - ProfilePath - c:\documents and settings\PEREIRA\Application Data\Mozilla\Firefox\Profiles\naf1n5h3.default\

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=14393&l=dis

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-Locked - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-20 14:28

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime]

"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2502096752-3908325686-1352510689-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-2502096752-3908325686-1352510689-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2502096752-3908325686-1352510689-1006)

@Allowed: (Read) (S-1-5-21-2502096752-3908325686-1352510689-1006)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Heure de fin: 2009-09-20 14:31

ComboFix-quarantined-files.txt 2009-09-20 12:31

 

Avant-CF: 54 385 885 184 octets libres

Après-CF: 54 641 221 632 octets libres

 

334 --- E O F --- 2009-09-13 15:46
