zandr
help me
ComboFix 08-12-07.04 - hichou 2008-12-09 12:03:39.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.62 [GMT 0:00]
Lancé depuis: D:\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))
.
2008-12-08 21:11 . 2008-12-08 21:11 268 --ah----- C:\sqmdata19.sqm
2008-12-08 21:11 . 2008-12-08 21:11 244 --ah----- C:\sqmnoopt19.sqm
2008-12-08 21:08 . 2008-12-08 21:08 268 --ah----- C:\sqmdata18.sqm
2008-12-08 21:08 . 2008-12-08 21:08 244 --ah----- C:\sqmnoopt18.sqm
2008-12-08 21:05 . 2002-01-01 00:15 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-12-08 21:05 . 2002-01-01 00:15 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-12-08 21:05 . 2008-12-07 13:43 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-12-08 21:05 . 2002-01-01 00:15 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-12-08 21:05 . 2002-01-01 00:15 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-12-08 21:05 . 2002-01-01 00:15 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-12-08 21:05 . 2002-01-01 00:15 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-12-08 21:05 . 2008-12-08 21:05 <REP> d-------- c:\documents and settings\Administrateur
2008-12-08 20:48 . 2008-12-08 20:48 268 --ah----- C:\sqmdata17.sqm
2008-12-08 20:48 . 2008-12-08 20:48 244 --ah----- C:\sqmnoopt17.sqm
2008-12-08 20:27 . 2008-12-08 20:27 268 --ah----- C:\sqmdata16.sqm
2008-12-08 20:27 . 2008-12-08 20:27 244 --ah----- C:\sqmnoopt16.sqm
2008-12-08 19:43 . 2008-12-08 19:43 268 --ah----- C:\sqmdata15.sqm
2008-12-08 19:43 . 2008-12-08 19:43 244 --ah----- C:\sqmnoopt15.sqm
2008-12-08 19:20 . 2008-12-08 19:20 268 --ah----- C:\sqmdata13.sqm
2008-12-08 19:20 . 2008-12-08 19:20 244 --ah----- C:\sqmnoopt13.sqm
2008-12-08 19:10 . 2008-12-08 19:10 268 --ah----- C:\sqmdata12.sqm
2008-12-08 19:10 . 2008-12-08 19:10 244 --ah----- C:\sqmnoopt12.sqm
2008-12-08 19:01 . 2008-12-08 19:01 268 --ah----- C:\sqmdata11.sqm
2008-12-08 19:01 . 2008-12-08 19:01 244 --ah----- C:\sqmnoopt11.sqm
2008-12-08 15:05 . 2008-12-08 15:05 268 --ah----- C:\sqmdata07.sqm
2008-12-08 15:05 . 2008-12-08 15:05 244 --ah----- C:\sqmnoopt07.sqm
2008-12-08 14:36 . 2008-12-08 14:36 268 --ah----- C:\sqmdata06.sqm
2008-12-08 14:36 . 2008-12-08 14:36 244 --ah----- C:\sqmnoopt06.sqm
2008-12-08 11:58 . 2008-12-08 11:58 <REP> d-------- c:\program files\Marvell
2008-12-08 11:56 . 2008-12-09 00:03 <REP> d---s---- c:\documents and settings\hichou\UserData
2008-12-07 21:18 . 2008-12-07 21:20 <REP> d-------- c:\documents and settings\hichou\Contacts
2008-12-07 19:17 . 2008-12-07 19:17 268 --ah----- C:\sqmdata03.sqm
2008-12-07 19:17 . 2008-12-07 19:17 244 --ah----- C:\sqmnoopt03.sqm
2008-12-07 17:20 . 2008-12-07 17:20 268 --ah----- C:\sqmdata02.sqm
2008-12-07 17:20 . 2008-12-07 17:20 244 --ah----- C:\sqmnoopt02.sqm
2008-12-07 17:18 . 2008-12-07 17:18 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-07 17:18 . 2008-12-07 17:18 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-07 17:17 . 2008-12-09 11:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-07 17:17 . 2008-12-09 12:05 727,584 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-07 17:17 . 2008-12-09 12:05 180,256 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-07 17:17 . 2008-12-09 12:05 7,812 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-07 17:17 . 2008-12-09 12:05 2,744 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-07 17:15 . 2008-12-07 17:15 268 --ah----- C:\sqmdata01.sqm
2008-12-07 17:15 . 2008-12-07 17:15 244 --ah----- C:\sqmnoopt01.sqm
2008-12-07 16:55 . 2008-12-07 16:55 <REP> d-------- c:\program files\Intel
2008-12-07 16:31 . 2008-12-07 16:31 <REP> d-------- c:\documents and settings\hichou\WINDOWS
2008-12-07 16:31 . 1996-11-05 16:13 299,008 --a------ c:\windows\uninst.exe
2008-12-07 16:31 . 2004-06-24 11:00 6,656 --a------ c:\windows\system32\drivers\AsProbe.sys
2008-12-07 16:31 . 1997-04-22 10:16 6,272 --a------ c:\windows\system32\drivers\ASLM75.SYS
2008-12-07 16:21 . 2005-09-20 10:36 147,456 --a------ c:\windows\system32\igfxres.dll
2008-12-07 16:21 . 2008-12-07 16:21 268 --ah----- C:\sqmdata00.sqm
2008-12-07 16:21 . 2008-12-07 16:21 244 --ah----- C:\sqmnoopt00.sqm
2008-12-07 16:19 . 2008-12-07 16:19 <REP> d----c--- c:\windows\system32\DRVSTORE
2008-12-07 16:19 . 2008-12-07 16:19 <REP> d-------- c:\program files\MSN Messenger
2008-12-07 16:16 . 2008-12-07 16:16 <REP> d-------- c:\program files\Huawei technologies
2008-12-07 16:16 . 2006-09-08 16:24 65,152 --a------ c:\windows\system32\drivers\ewusbser.sys
2008-12-07 16:16 . 2006-09-08 16:24 65,152 --a------ c:\windows\system32\drivers\ewusbmdm.sys
2008-12-07 16:16 . 2006-09-08 16:24 65,152 --a------ c:\windows\system32\drivers\ewusbapp.sys
2008-12-07 16:16 . 2006-09-08 16:24 2,560 --a------ c:\windows\system32\E600CoInstaller.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 17:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 16:29 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-07 13:47 --------- d-----w c:\program files\microsoft frontpage
2008-12-07 13:45 --------- d-----w c:\program files\Services en ligne
2008-11-11 19:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 04:54 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 02:32 208952 c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 02:31 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 02:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 02:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 12:41 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
R3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\DRIVERS\ewusbmdm.sys [2008-12-07 65152]
R3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\DRIVERS\ewusbser.sys [2008-12-07 65152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{169eb877-c469-11dd-a717-806d6172696f}]
\Shell\AutoRun\command - G:\ylr.exe
\Shell\explore\Command - G:\ylr.exe
\Shell\open\Command - G:\ylr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{169eb878-c469-11dd-a717-806d6172696f}]
\Shell\AutoRun\command - H:\ylr.exe
\Shell\explore\Command - H:\ylr.exe
\Shell\open\Command - H:\ylr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{169eb879-c469-11dd-a717-806d6172696f}]
\Shell\AutoRun\command - I:\ylr.exe
\Shell\explore\Command - I:\ylr.exe
\Shell\open\Command - I:\ylr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{169eb87a-c469-11dd-a717-806d6172696f}]
\Shell\AutoRun\command - J:\ylr.exe
\Shell\explore\Command - J:\ylr.exe
\Shell\open\Command - J:\ylr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{169eb87b-c469-11dd-a717-a5ead9bbd2d2}]
\Shell\AutoRun\command - K:\ylr.exe
\Shell\explore\Command - K:\ylr.exe
\Shell\open\Command - K:\ylr.exe
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-12-09 12:06:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-12-09 12:08:39 - La machine a redémarré [hichou]
ComboFix-quarantined-files.txt 2008-12-09 12:08:32
Avant-CF: 55 050 711 040 octets libres
Après-CF: 55,048,097,792 octets libres
161
