ComboFix did the housecleaning:
ComboFix 09-05-08.03 - Administrateur 09/05/2009 13:24.1 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.255.117 [GMT 2:00]
Launched from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Switches used :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur\Local Settings\Application Data\wgioaey.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\wgioaey.exe
c:\documents and settings\Administrateur\Local Settings\Application Data\wgioaey_nav.dat
c:\documents and settings\Administrateur\Local Settings\Application Data\wgioaey_navps.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\jestertb.dll
c:\windows\system32\aworizus.ini
c:\windows\system32\ekukolin.ini
c:\windows\system32\honumopi.dll
c:\windows\system32\hulayoba.dll
c:\windows\system32\jkshfuiehi.dll
c:\windows\system32\kepebugu.exe
c:\windows\system32\kivereza.dll
c:\windows\system32\nilokuke.dll
c:\windows\system32\pisiluvu.dll
c:\windows\system32\tupurevo.dll
c:\windows\system32\vikezisi.dll
c:\windows\system32\wobaheve.dll
c:\windows\system32\zozelemu.dll
c:\windows\winhelp.ini
----- BITS: possibly infected sites -----
82.98.235.208…
.
((((((((((((((((((((((((((((( Files created from 2009-04-09 to 2009-05-09 ))))))))))))))))))))))))))))))))))))
.
2009-05-09 10:30 . 2009-05-09 10:30 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-09 10:21 . 2009-05-09 10:21 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Identities
2009-05-09 09:55 . 2009-05-09 09:55 -------- d-----w c:\windows\LastGood
2009-05-09 09:43 . 2009-05-09 09:43 -------- d-----w c:\documents and settings\Administrateur\Application Data\live-player
2009-05-09 09:41 . 2009-05-09 09:43 -------- d-----w c:\program files\Live-Player
2009-05-09 09:35 . 2009-05-09 09:35 -------- d-----w c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-05-08 18:16 . 2009-05-08 18:26 -------- d-----w c:\documents and settings\thierry.mourlanne\Application Data\Chessmaster Challenge
2009-05-08 18:15 . 2009-05-08 18:15 -------- d-----w c:\documents and settings\thierry.mourlanne\Application Data\PlayFirst
2009-05-08 18:11 . 2009-05-08 18:14 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-08 18:10 . 2009-05-08 18:12 -------- d-----w c:\program files\War Chess
2009-05-08 18:07 . 2009-05-08 18:07 -------- d-----w c:\program files\PlayFirst
2009-05-08 18:06 . 2009-05-08 18:06 -------- d-----w c:\program files\bfgclient
2009-05-08 18:05 . 2009-05-08 18:14 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-05-08 17:27 . 2009-05-08 17:27 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-08 17:06 . 2009-05-08 17:08 -------- d-----w c:\documents and settings\thierry.mourlanne\Application Data\DeepBurner
2009-05-08 17:06 . 2009-05-08 17:06 -------- d-----w c:\program files\Astonsoft
2009-05-08 16:04 . 2009-05-08 16:04 -------- d-----w c:\program files\Fichiers communs\EZB Systems
2009-05-08 16:04 . 2009-05-08 16:04 -------- d-----w c:\program files\UltraISO
2009-05-07 19:22 . 2009-05-07 19:25 -------- d-----w c:\program files\The KMPlayer
2009-05-07 14:35 . 2009-05-08 17:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-07 14:35 . 2009-05-08 21:55 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-07 14:26 . 2009-05-07 14:26 -------- d-----w C:\ProgramData
2009-05-07 14:26 . 2009-05-07 16:27 -------- d-----w c:\program files\Angle Interactive
2009-05-07 14:09 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-07 14:08 . 2009-05-07 14:08 -------- d-----w c:\program files\Panda Security
2009-05-06 18:44 . 2009-05-06 18:44 8704 ----a-w c:\windows\instsp2.exe
2009-05-06 15:01 . 2009-05-06 15:02 -------- d-----w c:\program files\Zylom Games1
2009-05-05 19:09 . 2009-05-05 19:09 -------- d-----w c:\program files\uTorrent
2009-05-05 19:09 . 2009-05-08 16:14 -------- d-----w c:\documents and settings\thierry.mourlanne\Application Data\uTorrent
2009-05-05 16:07 . 2009-05-08 15:11 -------- d---a-w c:\program files\Jagged Alliance 2 Wildfire
2009-05-04 20:28 . 2009-05-04 20:28 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-04 20:28 . 2009-05-07 16:06 -------- d-----w c:\documents and settings\thierry.mourlanne\Application Data\Spyware Terminator
2009-05-04 20:28 . 2009-05-07 16:18 -------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-05-04 20:27 . 2009-05-07 16:18 -------- d-----w c:\program files\Spyware Terminator
2009-05-04 09:39 . 2009-05-04 09:39 -------- d-----w c:\windows\system32\Adobe
2009-05-03 11:46 . 2009-05-03 11:46 -------- d-----w c:\program files\Microsoft Games
2009-05-03 11:23 . 2009-05-03 11:23 -------- d-----w c:\program files\Daedalus Software
2009-05-03 08:07 . 2009-05-03 08:07 -------- d-----w c:\windows\system32\fr-fr
2009-05-03 08:07 . 2009-05-03 08:07 -------- d-----w c:\windows\l2schemas
2009-05-03 08:07 . 2009-05-03 08:07 -------- d-----w c:\windows\system32\fr
2009-05-03 08:07 . 2009-05-03 08:07 -------- d-----w c:\windows\system32\bits
2009-05-02 19:15 . 2006-05-24 13:01 8576 ----a-w c:\windows\system32\drivers\Eagle2RC.sys
2009-05-02 19:15 . 2006-06-02 08:40 384128 ----a-w c:\windows\system32\drivers\Eagle2TV_B.sys
2009-05-02 19:13 . 2009-05-02 19:14 -------- d-----w c:\program files\Savvy TV
2009-05-02 17:57 . 2009-05-02 17:57 -------- d-----w c:\documents and settings\thierry.mourlanne\Application Data\Zylom
2009-05-02 17:54 . 2009-05-02 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-05-02 17:54 . 2009-05-06 15:01 -------- d-----w c:\program files\Zylom Games
2009-05-02 17:30 . 2008-04-14 02:33 276992 ------w c:\windows\system32\wmphoto.dll
2009-05-02 17:30 . 2008-04-14 02:33 69120 ------w c:\windows\system32\wlanapi.dll
2009-05-02 17:30 . 2008-04-14 02:33 346112 ------w c:\windows\system32\windowscodecsext.dll
2009-05-02 17:30 . 2008-04-14 02:33 712704 ------w c:\windows\system32\windowscodecs.dll
2009-05-02 17:30 . 2008-04-14 02:33 50688 ------w c:\windows\system32\tspkg.dll
2009-05-02 17:30 . 2008-04-14 02:33 53248 ------w c:\windows\system32\tsgqec.dll
2009-05-02 17:28 . 2008-04-14 02:34 33792 ------w c:\windows\system32\mmcperf.exe
2009-05-02 17:27 . 2008-04-14 02:33 651264 ------w c:\windows\system32\dot3ui.dll
2009-05-02 16:51 . 2009-05-02 17:41 -------- d-----w c:\program files\Dofus
2009-05-02 16:33 . 2008-04-11 19:05 691712 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-05-02 16:32 . 2008-06-14 17:33 272768 ------w c:\windows\system32\dllcache\bthport.sys
2009-05-02 16:30 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-02 16:30 . 2009-02-09 11:24 2191104 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-02 16:30 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-02 16:30 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
2009-05-02 16:30 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-02 16:30 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-02 16:30 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-02 16:30 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-05-02 16:30 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-02 16:30 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-02 16:30 . 2009-02-09 11:23 2147328 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-02 16:30 . 2009-02-09 11:23 2025984 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-02 16:01 . 2008-05-08 14:02 203136 ------w c:\windows\system32\dllcache\rmcast.sys
2009-05-02 16:01 . 2008-10-24 11:21 455296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-02 16:00 . 2008-12-11 10:57 333952 ------w c:\windows\system32\dllcache\srv.sys
2009-05-02 16:00 . 2008-05-01 14:36 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-05-02 15:58 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
2009-05-02 15:58 . 2008-10-15 16:35 337408 ------w c:\windows\system32\dllcache\netapi32.dll
2009-05-02 15:57 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-27 20:10 . 2009-04-27 20:10 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-27 20:10 . 2007-05-12 12:45 243456 ----a-w c:\windows\system32\drivers\rt2500usb.sys
2009-04-27 20:09 . 2008-01-15 19:50 459520 ----a-w c:\windows\system32\drivers\Dr71WU.sys
2009-04-27 20:09 . 2009-04-27 20:09 -------- d-----w c:\documents and settings\thierry.mourlanne\Application Data\InstallShield
2009-04-18 09:53 . 2009-05-09 09:40 1324 ----a-w c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 11:02 . 1979-12-31 22:00 57782 ----a-w c:\windows\system32\perfc00C.dat
2009-05-03 11:02 . 1979-12-31 22:00 387892 ----a-w c:\windows\system32\perfh00C.dat
2009-05-03 08:16 . 2002-06-27 07:14 86995 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-04-27 20:11 . 2009-04-27 20:11 -------- d-----w c:\program files\ANI
2009-04-27 20:10 . 2008-08-12 07:35 -------- d-----w c:\program files\D-Link
2009-04-27 20:10 . 2002-06-27 07:47 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-04-26 19:12 . 2002-06-27 07:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 14:20 . 1979-12-31 22:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2002-03-05 16:29 670208 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2006-08-16 18:03 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:06 . 2001-08-23 15:12 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:05 . 1979-12-31 22:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 1979-12-31 22:00 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 1979-12-31 22:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 1979-12-31 22:00 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 1979-12-31 22:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 1979-12-31 22:00 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 1979-12-31 22:00 401408 ----a-w c:\windows\system32\rpcss.dll
2005-11-29 15:17 . 2007-02-12 14:31 24848 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2005-11-29 15:17 . 2007-02-12 14:31 74000 ----a-w c:\program files\mozilla firefox\plugins\cgpcore.dll
2005-11-29 15:17 . 2007-02-12 14:31 45328 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2005-11-29 15:17 . 2007-02-12 14:31 28944 ----a-w c:\program files\mozilla firefox\plugins\pscript.dll
2005-11-29 15:17 . 2007-02-12 14:31 69904 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2005-11-29 15:17 . 2007-02-12 14:31 24848 ----a-w c:\program files\mozilla firefox\plugins\tcppserv.dll
2009-02-06 18:39 . 2009-02-06 18:39 47616 --sha-w c:\windows\system32\kunuzavi.dll.vir
2009-02-06 18:39 . 2009-02-06 18:39 47616 --sha-w c:\windows\system32\numisufe.dll.tmp
2009-02-06 18:39 . 2009-02-06 18:39 47616 --sha-w c:\windows\system32\tipajile.dll.tmp
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-03-29 122880]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-01 185896]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\thierry.mourlanne\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled
Démarrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
Microsoft Recherche accélérée.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
c:\documents and settings\tmourlan\Menu Démarrer\Programmes\Démarrage
Démarrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-12-17 51984]
Gestionnaire Microsoft Office.Lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1996-12-17 340480]
Microsoft Recherche accélérée.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage
Wireless Configuration Utility HW.31.lnk - c:\program files\802.11 Wireless LAN\802.11b Pen Size Wireless USB 2.0 Adapter HW.31 V.1.00\WlanCU.exe [2004-6-28 442368]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Raccourci vers PRINTKEY.lnk - c:\program files\utilitaires\printkey\PRINTKEY.EXE [2006-8-17 589824]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2006-8-29 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\vikezisi.dll,c:\windows\system32\zozelemu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Savvy DTV Service"=c:\program files\Savvy TV\DTV Service.exe
"ANIWZCS2Service"=c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
"Tpwrtray"=TPWRTRAY.EXE
"000StTHK"=000StTHK.exe
"00THotkey"=c:\windows\System32\00THotkey.exe
"S3TRAY2"=S3Tray2.exe
"S3Hotkey"=s3hotkey.exe
"TFncKy"=TFncKy.exe /Type 20
"TouchED"=c:\program files\TOSHIBA\TouchED\TouchED.Exe
"TFNF5"=TFNF5.exe
"DLBXCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe"
"JobHisInit"=c:\program files\RMClient\JobHisInit.exe
"MplSetUp"=c:\program files\RMClient\MplSetUp.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"EoEngine"=
"EoWeather"=
"EasyPHP"="c:\program files\EasyPHP1-8\EasyPHP.exe"
"D-Link AirPlus XtremeG DWL-G122"=c:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
"CPMdb77d9c9"=Rundll32.exe "c:\windows\system32\pisiluvu.dll",a
"yilulekudu"=Rundll32.exe "c:\windows\system32\tipajile.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Symantec\pcAnywhere\Winaw32.exe"=
"c:\Program Files\Symantec\pcAnywhere\awrem32.exe"=
"c:\WINDOWS\system32\ftp.exe"=
"c:\Program Files\FileZilla\filezilla.exe"=
"c:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE"=
"c:\download\logiciels\hfs\hfs.exe"=
"c:\Program Files\DevStudio\VB\vb5.exe"=
"c:\Program Files\Real\RealPlayer\realplay.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Microsoft Games\Age of Empires II\age2.no-CD.exe"=
"c:\WINDOWS\system32\dplaysvr.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [07/05/2009 16:09 28544]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [13/03/2009 14:07 6016]
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\drivers\Eagle2RC.sys [02/05/2009 21:15 8576]
S3 Eagle2TV;TV tuner device;c:\windows\system32\drivers\Eagle2TV_B.sys [02/05/2009 21:15 384128]
S3 ElkPort;ElkPort;c:\windows\system32\ElkPort.sys [25/02/2007 16:04 4702]
S3 MSSQL$SERVEUR_TOSHIBA;MSSQL$SERVEUR_TOSHIBA;c:\progra~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe -sSERVEUR_TOSHIBA --> c:\progra~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe -sSERVEUR_TOSHIBA [?]
S3 SISNPF;SIS Netgroup Packet Filter;c:\windows\system32\drivers\SISNPF.sys --> c:\windows\system32\drivers\SISNPF.sys [?]
S3 SQLAgent$SERVEUR_TOSHIBA;SQLAgent$SERVEUR_TOSHIBA;c:\progra~1\MICROS~4\MSSQL$~1\binn\sqlagent.exe -i SERVEUR_TOSHIBA --> c:\progra~1\MICROS~4\MSSQL$~1\binn\sqlagent.exe -i SERVEUR_TOSHIBA [?]
.
- - - - ORPHANS REMOVED - - - -
BHO-{7425a9da-66bd-44ab-b2b8-f30e21f1ad2d} - c:\windows\system32\kivereza.dll
HKCU-Run-wgioaey - c:\documents and settings\administrateur\local settings\application data\wgioaey.exe
.
------- Supplementary scan -------
.
uInternet Connection Wizard,ShellNext = pancolp.com…
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\cog6scef.default
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\cog6scef.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npican.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-05-09 13:35
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
c:\windows\Fonts\vgafix.fon 5360 bytes
c:\windows\Fonts\vgafixe.fon 5376 bytes
c:\windows\Fonts\vgafixg.fon 6112 bytes
c:\windows\Fonts\vgafixr.fon 5600 bytes
c:\windows\Fonts\vgafixt.fon 6112 bytes
c:\windows\Fonts\vgaoem.fon 5168 bytes
c:\windows\Fonts\vgas1257.fon 6656 bytes
c:\windows\Fonts\vgasys.fon 7280 bytes
c:\windows\Fonts\vgasyse.fon 6608 bytes
c:\windows\Fonts\vgasysg.fon 7008 bytes
c:\windows\Fonts\vgasysr.fon 6912 bytes
c:\windows\Fonts\vgasyst.fon 6912 bytes
c:\windows\Fonts\VINERITC.TTF 100104 bytes
c:\windows\Fonts\vrinda.ttf 252820 bytes
c:\windows\Fonts\webdings.ttf 118752 bytes
c:\windows\Fonts\wingding.ttf 81000 bytes
c:\windows\Fonts\WINGDNG2.TTF 59696 bytes
c:\windows\Fonts\WINGDNG3.TTF 29236 bytes
c:\windows\Fonts\wst_czec.fon 18880 bytes
c:\windows\Fonts\wst_engl.fon 18880 bytes
c:\windows\Fonts\wst_fren.fon 18880 bytes
c:\windows\Fonts\wst_germ.fon 18880 bytes
c:\windows\Fonts\wst_ital.fon 18880 bytes
c:\windows\Fonts\wst_span.fon 18880 bytes
c:\windows\Fonts\wst_swed.fon 18880 bytes
c:\windows\Fonts\ZEL711BI.TTF 62256 bytes
c:\windows\Fonts\ZELP711B.TTF 64288 bytes
c:\windows\Fonts\ZELP711I.TTF 60920 bytes
c:\windows\Fonts\ZELP711N.TTF 61684 bytes
c:\windows\Fonts\zsdbarnt.ttf 49184 bytes
c:\windows\Fonts\ZURCHE.TTF 37792 bytes
c:\windows\Fonts\ZURCHKE.TTF 38712 bytes
c:\windows\Fonts\smallee.fon 24784 bytes
c:\windows\Fonts\smalleg.fon 28912 bytes
c:\windows\Fonts\smaller.fon 24832 bytes
c:\windows\Fonts\smallet.fon 29200 bytes
c:\windows\Fonts\smallf.fon 21504 bytes
c:\windows\Fonts\smallfe.fon 19600 bytes
c:\windows\Fonts\smallfg.fon 23120 bytes
c:\windows\Fonts\smallfr.fon 19760 bytes
c:\windows\Fonts\smallft.fon 23008 bytes
c:\windows\Fonts\sylfaen.ttf 221676 bytes
c:\windows\Fonts\trebucbd.ttf 123096 bytes
c:\windows\Fonts\vgaf1257.fon 5376 bytes
Scan completed successfully
Hidden files: 44
.
--------------------- DLLs loaded by running processes ---------------------
- - - - - - - > 'explorer.exe'(1840)
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-05-09 13:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-09 11:44
Pre-Run: 36,922,112,000 bytes free
Post-Run: 39,334,873,088 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn /safeboot:network
314 --- E O F --- 2009-05-04 20:53
P.S. I don't see why I should install Internet Explorer 8, Firefox is just fine.
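The load-point section of the log above is the part worth a second look once the cleanup is done: AppInit_DLLs still names two DLLs in system32 (vikezisi.dll, zozelemu.dll), two entries run pisiluvu.dll and tipajile.dll through Rundll32.exe, and the removed orphan wgioaey was an HKCU Run value pointing into Local Settings\Application Data. The script below is an added example, not part of the original post and not ComboFix's own code: it parses the REGEDIT4-style lines ComboFix prints and flags exactly those patterns. The heuristics, the function names and the sample text are this example's assumptions; the sample is constructed to mirror the shape of the log, and the "eight letters alternating consonant/vowel" test is tuned to the names seen here, not a general malware rule.

```python
"""Triage helper for the 'Reg load points' section of a ComboFix log.

Added example, not code from the forum post or from ComboFix. It parses the
REGEDIT4-style lines ComboFix prints (AppInit_DLLs, Run keys, rundll32
loaders) and flags the patterns visible in the log above. Heuristics,
function names and the sample text are this example's own assumptions.
"""
import re

# Constructed input modelled on the log's load-point section (not a real capture).
SAMPLE_LOG = r'''
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"wgioaey"="c:\documents and settings\administrateur\local settings\application data\wgioaey.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\vikezisi.dll,c:\windows\system32\zozelemu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"CPMdb77d9c9"=Rundll32.exe "c:\windows\system32\pisiluvu.dll",a
"yilulekudu"=Rundll32.exe "c:\windows\system32\tipajile.dll",s
'''

# A drive-letter path ending in .dll or .exe; stops at quotes, brackets or commas.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\],]+?\.(?:dll|exe)', re.IGNORECASE)
VOWELS = set("aeiou")
# Directories an unprivileged user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def stem(path):
    """'c:\\windows\\system32\\vikezisi.dll' -> 'vikezisi'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def looks_machine_generated(name):
    """Eight lowercase letters strictly alternating consonant/vowel, e.g. 'vikezisi'.

    Heuristic chosen to match the names in this log; it is an assumption, not a rule.
    """
    if not re.fullmatch(r"[a-z]{8}", name):
        return False
    is_vowel = [c in VOWELS for c in name]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(7))


def parse_load_points(text):
    """Yield (key, value_name, value_data) for each REGEDIT4-style value line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"') and '"=' in line:
            name, _, data = line[1:].partition('"=')
            yield key, name, data.strip()


def triage(text):
    """Return one finding per suspicious value: {'key', 'name', 'paths', 'reasons'}."""
    findings = []
    for key, name, data in parse_load_points(text):
        paths = PATH_RE.findall(data)
        generated = [stem(p) for p in paths if looks_machine_generated(stem(p))]
        reasons = []
        if name.lower() == "appinit_dlls" and paths:
            reasons.append("AppInit_DLLs: every DLL listed is mapped into each process that loads user32")
        if generated:
            reasons.append("machine-generated module name: " + ", ".join(generated))
        if "rundll32" in data.lower() and generated:
            reasons.append("hosted by rundll32.exe, so the process name looks benign")
        if any(marker in p.lower() for p in paths for marker in USER_WRITABLE):
            reasons.append("autostart from a user-writable profile directory")
        if reasons:
            findings.append({"key": key, "name": name, "paths": paths, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['key']}] {f['name']}: {'; '.join(f['reasons'])}")
        for p in f["paths"]:
            print("    ", p)
```

Run it against the load-point section pasted out of a real log and review each hit by hand: AppInit_DLLs is flagged whenever it is non-empty because anything listed there is loaded into every user32 process, which is why the two DLLs in this log survived the first cleanup pass; the name heuristic only narrows the list and a match is a reason to check the file, not proof on its own.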