
My ComboFix report

Last reply on 14 Jun 2009 at 13:41:44. rezkiadsl, on 14 Jun 2009 at 13:14:13

Hello,
ComboFix 09-06-13.09 - crsic 14/06/2009 11:25.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.191.78 [GMT 2:00]
Lancé depuis: c:\documents and settings\crsic\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\crsic\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\avcandac.exe
c:\documents and settings\crsic\reader_s.exe
c:\documents and settings\crsic\Application Data\addons.dat
c:\documents and settings\crsic\reader_s.exe
c:\windows\KBPK090531.log
c:\windows\KBPK090602.log
c:\windows\KBPK090603.log
c:\windows\KBPK090607.log
c:\windows\KBPK090610.log
c:\windows\KBPK090611.log
.
---- Exécution préalable -------
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_dhcpsrv
-------\Legacy_msncache
-------\Legacy_ntalme
-------\Legacy_sopidkc
-------\Service_6to4
-------\Service_dhcpsrv
-------\Service_msncache
-------\Service_ntalme
-------\Service_sopidkc


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-14 au 2009-06-14 ))))))))))))))))))))))))))))))))))))
.

2009-06-14 09:16 . 2009-06-14 09:16 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-14 08:48 . 2004-08-04 04:54 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-14 07:10 . 2009-06-14 07:10 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe
2009-06-07 13:04 . 2009-06-07 13:04 75 ----a-w- C:\ACCM1GEN.DAT
2009-06-07 13:03 . 2009-06-07 13:03 -------- d-----w- c:\documents and settings\crsic\WINDOWS
2009-06-03 12:51 . 2009-06-03 12:51 -------- d-----w- c:\program files\Java
2009-06-03 12:51 . 2009-06-03 12:51 -------- d-----w- c:\program files\Fichiers communs\Java
2009-06-03 12:51 . 2009-06-03 12:51 -------- d-----w- c:\documents and settings\crsic\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142070}
2009-06-03 12:47 . 2009-06-03 12:55 -------- d-----w- c:\program files\Greenstone
2009-06-02 12:14 . 2009-06-02 12:14 -------- d-----w- c:\program files\Yahoo! Companion
2009-05-31 07:08 . 2009-06-14 09:14 -------- d-----w- c:\windows\dhcp
2009-05-31 07:05 . 2009-06-07 12:12 0 ----a-w- c:\windows\system32\drivers\cc05f061.sys
2009-05-31 06:59 . 2009-05-31 06:59 9216 ----a-w- C:\d34575e.exe
2009-05-25 10:20 . 2009-05-25 10:20 -------- d-----w- c:\documents and settings\crsic\Application Data\Greenstone
2009-05-25 10:16 . 2009-05-25 10:16 -------- d-----w- c:\documents and settings\crsic\.ov4n
2009-05-25 10:16 . 2009-06-03 12:44 -------- d-----w- c:\documents and settings\crsic\Greenstone2
2009-05-23 12:15 . 2007-06-18 08:38 14848 ----a-w- c:\windows\system32\tpfmxp.dll
2009-05-23 12:15 . 2009-05-23 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\tpfmon
2009-05-23 12:15 . 2009-05-23 12:15 -------- d-----w- c:\program files\Axmapresse
2009-05-23 12:15 . 2009-05-23 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InternetFax

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 09:29 . 2009-04-27 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-14 09:28 . 2009-04-27 08:19 327712 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-14 09:28 . 2009-04-27 08:19 3248 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-14 09:28 . 2009-04-27 08:19 1430048 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-14 09:28 . 2009-04-27 08:19 13300 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-03 13:13 . 2009-04-30 09:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-09 12:06 . 2009-04-28 07:42 -------- d-----w- c:\documents and settings\crsic\Application Data\Skype
2009-05-09 10:57 . 2002-09-07 00:00 49494 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-09 10:57 . 2002-09-07 00:00 370414 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-03 07:14 . 2009-04-26 09:44 73872 ----a-w- c:\documents and settings\crsic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 08:08 . 2009-05-02 07:58 -------- d-----w- c:\program files\Pinnacle
2009-05-02 08:02 . 2009-04-26 11:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-02 07:59 . 2009-05-02 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-05-02 07:57 . 2009-04-26 11:24 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-04-29 09:31 . 2009-04-26 09:19 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 07:42 . 2009-04-28 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-28 07:42 . 2009-04-28 07:42 -------- d-----w- c:\program files\Skype
2009-04-27 10:43 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-04-27 10:43 . 2009-04-27 08:20 101287 ----a-w- c:\windows\system32\drivers\klin.dat
2009-04-27 10:43 . 2009-04-27 08:20 89601 ----a-w- c:\windows\system32\drivers\klick.dat
2009-04-27 10:43 . 2009-04-27 10:43 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-04-27 10:43 . 2009-04-27 10:43 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-04-27 10:43 . 2009-04-27 10:43 21256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-04-27 10:43 . 2009-04-27 10:42 861448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-04-27 10:42 . 2009-04-27 10:42 83208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-04-27 10:42 . 2009-04-27 10:42 62728 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-04-27 10:42 . 2009-04-27 10:42 43784 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-04-27 10:42 . 2009-04-27 10:42 365832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-04-27 10:42 . 2009-04-27 10:42 201992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-04-27 09:38 . 2009-04-26 09:18 -------- d-----w- c:\program files\Services en ligne
2009-04-27 08:41 . 2009-04-27 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-27 08:36 . 2009-04-27 08:35 -------- d-----w- c:\program files\CCleaner
2009-04-27 08:36 . 2009-04-27 08:35 -------- d-----w- c:\program files\Yahoo!
2009-04-27 08:35 . 2009-04-27 08:35 -------- d-----w- c:\documents and settings\crsic\Application Data\Yahoo!
2009-04-27 08:32 . 2009-04-27 08:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-04-27 08:19 . 2009-04-27 08:19 -------- d-----w- c:\program files\Kaspersky Lab
2009-04-27 08:18 . 2009-04-27 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-27 08:11 . 2009-04-27 08:11 -------- d-----w- c:\program files\epson
2009-04-26 11:26 . 2009-04-26 11:26 -------- d-----w- c:\documents and settings\crsic\Application Data\SmarThru4
2009-04-26 11:26 . 2009-04-26 11:25 -------- d-----w- c:\program files\SmarThru 4
2009-04-26 11:26 . 2009-04-26 11:25 -------- d-----w- c:\program files\Readiris
2009-04-26 11:22 . 2009-04-26 11:22 -------- d-----w- c:\program files\Samsung
2009-04-26 09:20 . 2009-04-26 09:20 -------- d-----w- c:\program files\microsoft frontpage
2009-04-26 09:17 . 2009-04-26 09:17 21892 ----a-w- c:\windows\system32\emptyregdb.dat
1990-01-01 01:01 . 1990-01-01 01:01 53248 --sh--r- c:\windows\system32\lpg32.dll
2004-08-04 04:54 . 2004-08-04 04:54 168509 --sha-r- c:\windows\system32\vfmfedsr.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-27 201992]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_07\bin\jusched.exe" [2005-01-15 32881]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
kasp6.0_ak_refguidefr.pdf [2008-10-9 3524288]
kav6.0fr.pdf [2009-3-4 1699654]
kav6.0_winwksen.pdf [2008-8-11 3057457]
kav6.0_winwksfr.pdf [2007-10-9 4559220]
kav6.0_wseeappschemes_fr.pdf [2009-3-4 491351]
kav6.0_wseeinstallguide_fr.pdf [2009-3-4 2725040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9DCB0AE8-633C-B1D2-29E1-3A8A1A15D25A}"= "c:\windows\system32\lpg32.dll" [1990-01-01 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Updater6\\Adobe_Updater.exe"=
"c:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\SmarThru 4\\ControlPanel.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6760:TCP"= 6760:TCP:njqzvyni

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18:29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20:07 24592]
S1 cc05f061;cc05f061;c:\windows\system32\drivers\cc05f061.sys [31/05/2009 09:05 0]
S2 cwwcvy;Driver Time;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 06:55 14336]
S2 uhhmopz;Helper Shell;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 06:55 14336]
S3 etugvndvr;etugvndvr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 kodkfghwo;kodkfghwo;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uhhmopz
cwwcvy
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-crsic - c:\documents and settings\crsic\crsic.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.dz/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {3E87828C-26CF-4C8E-A809-FEFC5963A18A} = 193.194.80.116,193.194.64.11
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 11:30
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etugvndvr]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kodkfghwo]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cwwcvy]
"ServiceDll"="c:\windows\system32\vfmfedsr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uhhmopz]
"ServiceDll"="c:\windows\system32\vfmfedsr.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,af,73,53,cb,ae,
29,cf,eb,e2,63,26,f1,3f,c8,ff,68,77,23,0a,3f,ad,ee,08,14,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,38,7c,4b,86,1c,
40,e2,1c,6a,9c,d6,61,af,45,84,18,9e,d2,00,0c,6d,26,8c,fd,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,53,07,7e,7b,ee,
fd,8d,b6,ff,7c,85,e0,43,d4,0e,fe,73,ca,24,d1,07,06,47,40,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,13,44,45,53,be,
38,84,92,86,8c,21,01,be,91,eb,e7,a9,c8,6a,bd,68,b4,98,9f,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,7c,ee,44,71,77,
fa,f9,6a,f5,1d,4d,73,a8,13,5c,05,b4,86,ff,5f,78,34,53,7f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,c2,f4,23,e0,e9,
23,6f,7e,df,20,58,62,78,6b,cf,c8,2c,4f,1e,03,37,62,b1,a1,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,85,0c,29,66,cf,
87,f5,4b,fb,a7,78,e6,12,2f,9a,ea,8c,b7,cc,99,44,b6,b1,86,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,b0,c2,22,01,ee,
89,a8,bb,01,3a,48,fc,e8,04,4a,f1,f5,3f,19,11,33,5c,e3,0a,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,e8,db,4f,2c,ce,
a0,a0,e4,f6,0f,4e,58,98,5b,89,c9,a3,f0,1c,d6,c1,98,2b,ed,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a5,c5,26,c5,23,
1c,6b,7c,3d,ce,ea,26,2d,45,aa,78,25,4c,8f,0b,72,26,83,8b,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1c,08,34,3c,14,
8c,41,18,2a,b7,cc,b5,b9,7f,41,e7,a2,dd,2a,cb,ec,66,7b,d0,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,df,68,aa,41,ac,
30,2e,57,6c,43,2d,1e,aa,22,2f,9c,2a,19,23,de,be,6e,07,1b,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\klogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-14 11:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-14 09:32

Avant-CF: 34 057 687 040 octets libres
Après-CF: 34 140 225 536 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Configuration: Windows XP Internet Explorer 6.0

fix200, on 14 Jun 2009 at 13:41:44

Hi,

You are heavily infected (Virut, rootkits, trojan, via removable media), etc.
*****************************************************************

Driver::
cc05f061
cwwcvy
uhhmopz
etugvndvr
kodkfghwo
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9DCB0AE8-633C-B1D2-29E1-3A8A1A15D25A}"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etugvndvr]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kodkfghwo]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cwwcvy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uhhmopz]
FILE::
C:\32788R22FWJFW.0.tmp
C:\ACCM1GEN.DAT
C:\d34575e.exe
c:\windows\system32\drivers\cc05f061.sys
c:\windows\system32\drivers\klick.dat
c:\windows\system32\drivers\klin.dat
c:\windows\system32\lpg32.dll
c:\windows\system32\02.tmp
c:\windows\system32\01.tmp
c:\windows\system32\vfmfedsr.dll



- Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)

- Save this file under the name CFScript.txt

- Now drag the CFScript.txt file onto Combofix.exe, like this

This will relaunch ComboFix.

A blue window will appear: at the prompt that is shown (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report.


++ A solved topic left with the status "not solved" is like someone who buys from a shop without paying...
So remember to mark your topic as SOLVED
