Tom's Guide > Forum > Security - Viruses > ComboFix report
Hello,
I have just run a scan with ComboFix and I am sending you the report below for analysis.
Thank you for the time you are willing to give me.
Kind regards.

ComboFix 09-02-02.04 - 2009-02-03 8:12:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3327.2796 [GMT 1:00]
Lancé depuis: h:\anti malware\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\20547.exe
C:\23326.exe
C:\25760.exe
C:\40265.exe
C:\4758.exe
C:\570.exe
C:\68892.exe
C:\70552.exe
C:\86464.exe
C:\93224.exe
c:\documents and settings\Jean-Charles\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.

2009-02-03 07:38 . 2009-02-03 07:38 <REP> d-------- c:\program files\Trend Micro
2009-02-03 07:37 . 2009-02-03 07:37 <REP> d-------- c:\documents and settings\Jean-Charles\Application Data\Malwarebytes
2009-02-03 07:36 . 2009-02-03 07:36 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 07:36 . 2009-02-03 07:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-03 07:36 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 07:36 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 17:34 . 2009-02-03 07:29 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-02-02 17:34 . 2009-02-03 07:29 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-02-02 17:33 . 2009-02-02 17:33 <REP> d-------- c:\program files\Kaspersky Lab
2009-02-02 17:33 . 2009-02-03 08:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-02 17:33 . 2009-02-03 08:17 3,469,344 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-02 17:33 . 2009-02-03 08:17 606,240 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-02 17:33 . 2009-02-03 08:17 32,376 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-02 17:33 . 2009-02-03 08:17 3,152 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-02 17:32 . 2009-02-02 17:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 08:55 . 2009-01-30 08:56 <REP> d-------- c:\program files\DxO Labs
2009-01-30 08:48 . 2009-02-02 08:33 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-30 08:34 . 2009-01-30 08:33 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-30 08:28 . 2009-01-30 08:28 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-29 08:45 . 2009-01-29 08:45 <REP> d-------- c:\program files\widget_programmes
2009-01-29 08:45 . 2009-01-29 08:45 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-01-29 08:45 . 2009-01-29 08:45 <REP> d-------- c:\documents and settings\Jean-Charles\Application Data\com.adobe.example.widget-programmes.40247E01796E652D304FB5752B197AB47987A585.1
2009-01-29 07:30 . 2009-01-29 07:30 <REP> d-------- c:\program files\Fichiers communs\Application
2009-01-28 16:13 . 2009-01-28 16:13 <REP> d-------- c:\program files\Fichiers communs\PACE Anti-Piracy
2009-01-28 16:13 . 2009-01-28 16:13 <REP> d-------- c:\documents and settings\Jean-Charles\Application Data\PACE Anti-Piracy
2009-01-28 16:13 . 2009-01-28 16:13 <REP> d-------- c:\documents and settings\Jean-Charles\Application Data\DxO Labs
2009-01-28 16:13 . 2009-01-28 16:13 <REP> d-------- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-01-28 15:01 . 2009-01-28 15:01 <REP> d-------- c:\program files\InterLok
2009-01-23 10:05 . 2009-01-23 10:05 <REP> d-------- c:\windows\GAMES
2009-01-23 10:05 . 2009-01-23 10:05 83,648 --a------ c:\windows\system\knps.dll
2009-01-23 10:05 . 2009-01-23 10:05 54,976 --a------ c:\windows\system\knpg.dll
2009-01-23 10:05 . 2009-01-23 10:05 29,536 --a------ c:\windows\system\dib.drv
2009-01-23 10:05 . 2009-01-23 10:05 19 --a------ c:\windows\KNP.INI
2009-01-22 14:34 . 2009-01-22 14:35 <REP> d-------- c:\program files\iTunes
2009-01-22 14:34 . 2009-01-22 14:34 <REP> d-------- c:\program files\iPod
2009-01-22 14:34 . 2009-01-22 14:35 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-22 14:32 . 2009-01-22 14:33 <REP> d-------- c:\program files\QuickTime
2009-01-22 10:54 . 2009-01-22 10:54 <REP> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-01-20 16:11 . 2009-01-30 08:47 <REP> d-------- c:\windows\Easy CD-DA Extractor 12
2009-01-20 16:11 . 2009-01-20 16:11 <REP> d-------- c:\program files\Easy CD-DA Extractor 12
2009-01-20 16:11 . 2009-01-20 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2009-01-19 09:17 . 2009-01-29 08:20 <REP> d-------- c:\program files\Safescan Time Attendance
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 07:16 --------- d-----w c:\program files\SPAMfighter
2009-02-02 14:27 --------- d-----w c:\program files\Yahoo!
2009-02-02 14:27 --------- d-----w c:\program files\Common Files
2009-02-02 14:26 --------- d-----w c:\program files\Google
2009-01-30 07:28 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-27 15:59 --------- d-----w c:\program files\TelCD
2009-01-22 13:34 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-22 13:23 --------- d-----w c:\program files\Bonjour
2009-01-22 13:20 --------- d-----w c:\program files\Canon
2009-01-22 09:53 --------- d-----w c:\program files\Fichiers communs\Canon
2009-01-21 06:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 15:20 --------- d-----w c:\program files\Fichiers communs\ACD Systems
2009-01-20 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-19 07:10 --------- d-----w c:\program files\IKEA HomePlanner
2009-01-19 06:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-15 13:40 --------- d-----w c:\documents and settings\Jean-Charles\Application Data\iWin
2008-12-15 13:40 --------- d-----w c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-12-15 13:36 --------- d-----w c:\program files\GameHouse
2008-12-15 13:36 --------- d-----w c:\documents and settings\Jean-Charles\Application Data\GameHouse
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:25 --------- d-----w c:\program files\Fichiers communs\Borland Shared
2008-12-11 10:24 --------- d-----w c:\program files\Hachette Multimédia
2008-12-10 15:42 --------- d-----w c:\program files\Ultra Mobile 3GP Video Converter
2008-12-05 14:36 32,768 ----a-w c:\windows\system32\drivers\ati8bqxx.sys
2008-12-05 14:21 0 ----a-w C:\jucaspj.exe
2008-12-05 14:21 0 ----a-w C:\ipjy.exe
2008-12-05 14:21 0 ----a-w C:\gihj.exe
2008-12-05 14:21 0 ----a-w C:\blyssq.exe
2008-12-05 14:18 --------- d-----w c:\program files\vso
2008-12-05 14:18 --------- d-----w c:\documents and settings\Jean-Charles\Application Data\Vso
2008-12-03 15:26 --------- d-----w c:\program files\Windows Media Components
2008-12-03 14:23 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-03 14:23 --------- d-----w c:\program files\AVS4YOU
2008-12-03 13:52 --------- d-----w c:\program files\Fichiers communs\Nero
2008-12-03 13:51 --------- d-----w c:\program files\Nero
2008-12-03 13:39 --------- d-----w c:\documents and settings\Jean-Charles\Application Data\Nero
2008-12-03 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-03 13:33 --------- d-----w c:\program files\Fichiers communs\Ahead
2008-12-03 13:33 --------- d-----w c:\program files\Ahead
2008-12-03 13:19 --------- d-----w c:\program files\Windows Sidebar
2008-12-03 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\SlySoft
2008-12-03 08:27 --------- d-----w c:\program files\SlySoft
2008-12-02 15:45 128 ----a-w C:\muxmp4.bat
2008-05-28 08:38 47,360 ----a-w c:\documents and settings\Jean-Charles\Application Data\pcouffin.sys
2008-05-26 09:30 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2007-10-22 02:49 867,848 ----a-w c:\program files\NOV2007_d3dx10_36_x64.cab
2007-10-22 02:49 807,132 ----a-w c:\program files\NOV2007_d3dx10_36_x86.cab
2007-10-22 02:49 49,392 ----a-w c:\program files\NOV2007_X3DAudio_x64.cab
2007-10-22 02:49 44,850 ----a-w c:\program files\dxdllreg_x86.cab
2007-10-22 02:49 21,744 ----a-w c:\program files\NOV2007_X3DAudio_x86.cab
2007-10-22 02:49 200,010 ----a-w c:\program files\NOV2007_XACT_x64.cab
2007-10-22 02:49 151,512 ----a-w c:\program files\NOV2007_XACT_x86.cab
2007-10-22 02:49 1,805,306 ----a-w c:\program files\NOV2007_d3dx9_36_x64.cab
2007-10-22 02:49 1,712,608 ----a-w c:\program files\NOV2007_d3dx9_36_x86.cab
2002-07-26 15:02 153,088 ----a-w c:\program files\UNWISE.EXE
2008-06-19 08:16 118,784 ----a-w c:\program files\mozilla firefox\plugins\MyCamera.dll
2008-02-11 13:31 88 --sh--r c:\windows\system32\C805CE2829.sys
2008-03-10 15:27 8,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-05-09 13:48 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-10-22 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2008-12-01 89024]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"VolPanel"="c:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg30.dll
"vidc.X264"= x264vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8bqxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jean-Charles^Menu Démarrer^Programmes^Démarrage^widget_programmes.lnk]
path=c:\documents and settings\Jean-Charles\Menu Démarrer\Programmes\Démarrage\widget_programmes.lnk
backup=c:\windows\pss\widget_programmes.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-30 08:33 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--------- 2008-10-07 14:54 75048 c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--------- 2003-06-18 00:00 45056 c:\program files\Creative\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]
--a------ 2007-06-04 18:24 599600 c:\progra~1\CYBERL~1\InstantBurn\Win2K\IBurn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2008-05-14 14:48 62760 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-10-22 19:57 2363392 c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maplom]
--a------ 2007-08-14 17:34 4876288 c:\program files\SlySoft\Game Jackal\GameJackal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2008-07-21 16:16 169312 c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-28 23:43 8466432 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-28 23:43 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
--------- 2007-09-27 08:15 109640 c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--------- 2007-07-23 14:46 2499880 c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2008-07-21 17:32 87336 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
--a------ 2009-01-16 10:10 325768 c:\program files\SPAMfighter\SFAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2007-02-20 02:07 199752 c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
--a------ 2008-08-29 15:48 435536 c:\program files\Fichiers communs\ACD Systems\EN\DevDetect.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"NoteNotifier"=c:\windows\system32\NoteNotifier.exe
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"LaunchList"=c:\program files\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OrderReminder"=c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
"StatusClient 2.6"=c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HPWG myPrintMileage Agent"=c:\program files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
"TomcatStartup 2.5"=c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DT LGE"=c:\program files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"CTxfiHlp"=CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-30 64160]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-11-28 16048]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2008-11-28 18:07:54 61424]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2008-11-28 162096]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2002-01-01 2521624]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S0 ati8bqxx;ati8bqxx;c:\windows\system32\drivers\ati8bqxx.sys [2008-12-05 32768]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2008-06-30 79360]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;c:\windows\system32\drivers\M9205.sys [2005-10-17 70272]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2007-11-04 1527900]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;c:\windows\system32\drivers\M9207BDA.sys [2005-10-17 37248]
S3 UPnPService;UPnPService;c:\program files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe [2007-11-04 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1030be73-54c3-11dd-ae61-001d60c8a807}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaa6f10d-11c4-11dd-adf9-001d60c8a807}]
\Shell\AutoRun\command - n:\wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-02-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-02 08:33]

2008-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 10:08]

2009-02-03 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-Java Update - c:\docume~1\JEAN-C~1\LOCALS~1\Temp\firefox.exe
MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ch/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
FF - ProfilePath - c:\documents and settings\Jean-Charles\Application Data\Mozilla\Firefox\Profiles\xvg5trrr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - component: c:\documents and settings\Jean-Charles\Application Data\Mozilla\Firefox\Profiles\xvg5trrr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 08:18:17
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1682526488-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:79,6b,86,fb,4b,0e,10,60,17,c6,9a,94,ef,ac,00,b7,4b,a5,a6,f2,f5,9c,08,
a9,3c,5f,aa,91,3d,10,a0,6f,6d,98,8d,1c,56,40,24,43,3a,33,da,f1,19,78,42,95,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5c,d5,b5,ae,0e,
49,b4,ce,c8,28,51,af,b0,29,a3,98,fc,1d,f1,92,b6,9f,21,cf,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,85,c6,05,80,29,
df,8f,f7,71,3b,04,66,8b,46,0d,96,16,e1,37,53,04,e6,9e,7d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,7b,8f,b3,20,9d,
82,77,3d,25,da,ec,7e,55,20,c9,26,1b,3d,d9,59,96,4f,bc,b0,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,52,d0,10,81,81,
cd,5e,17,3e,1e,9e,e0,57,5a,93,61,5b,f0,74,11,0c,89,d8,50,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,a8,62,91,34,52,
d2,82,c8,cd,44,cd,b9,a6,33,6c,cd,23,d1,b6,94,1c,01,41,fa,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,85,ae,97,27,de,
c9,47,bb,b0,18,ed,a7,3f,8d,37,a4,4b,70,38,98,38,8d,f5,09,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,90,1e,c1,97,73,
65,75,b8,31,77,e1,ba,b1,f8,68,02,b3,97,d2,b7,e2,6e,40,eb,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,9d,e7,dd,6d,55,
d0,13,0f,83,6c,56,8b,a0,85,96,ab,cb,e3,3d,38,c4,76,f3,6b,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,c9,8a,45,12,15,
8c,c7,ca,51,fa,6e,91,28,9e,14,cc,84,48,e4,1f,5e,46,55,67,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,21,1f,a7,b2,83,
60,0f,39,b1,cd,45,5a,a8,c4,f8,b9,3e,06,7e,19,5a,45,65,e8,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,a3,51,b4,db,6c,
e9,04,86,e3,0e,66,d5,eb,bc,2f,6b,e3,7c,5f,c6,07,a3,90,19,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,95,f0,10,3a,6b,
f5,a9,98,fa,ea,66,7f,d4,3b,6b,70,dd,0d,cb,58,4d,fe,1a,d8,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1236)
c:\windows\system32\klogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\drivers\WTSrv.exe
c:\windows\system32\searchindexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\CTxfispi.exe
c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-03 8:22:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-03 07:22:56

Avant-CF: 245'434'556'416 octets libres
Après-CF: 245,633,191,936 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /NOEXECUTE=OPTIN /FASTDETECT

463 --- E O F --- 2009-01-19 06:52:31


Message edited by Anonyme on 03-02-2009 at 08:37:43

Angeldark wrote:

Hello,

What is your problem?


The tutorial asks me to send the ComboFix report, which I have done.
Is everything in order? If so, a big thank you, because everything is working like a charm.

Thank you for your work...

Kind regards

But why did you use ComboFix at all?

------------------------------ Prevention & Protection||Do you like me? Click :o

Angeldark wrote:

But why did you use ComboFix at all?


Because nothing was working anymore, and I was told to do a double scan (anti-malware + ComboFix).
I took the warning about ComboFix into account.
I got back the recovery console that I had lost.
Everything seems to work perfectly; I feel like I have a new machine.
Thanks again for your replies.
Have a good day

You should still avoid running ComboFix at random :/
Otherwise it's OK.

------------------------------ Prevention & Protection||Do you like me? Click :o

Angeldark wrote:

You should still avoid running ComboFix at random :/
Otherwise it's OK.


Thanks for the advice, all the best to you.....