My ComboFix report
rezkiadsl
Posts
3
Registration date
Status
Member
-
fix200 Posts 3365 Status Security contributor -
Hello,
ComboFix 09-06-13.09 - crsic 14/06/2009 11:25.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.191.78 [GMT 2:00]
Lancé depuis: c:\documents and settings\crsic\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\crsic\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\avcandac.exe
c:\documents and settings\crsic\reader_s.exe
c:\documents and settings\crsic\Application Data\addons.dat
c:\documents and settings\crsic\reader_s.exe
c:\windows\KBPK090531.log
c:\windows\KBPK090602.log
c:\windows\KBPK090603.log
c:\windows\KBPK090607.log
c:\windows\KBPK090610.log
c:\windows\KBPK090611.log
.
---- Exécution préalable -------
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6to4
-------\Legacy_dhcpsrv
-------\Legacy_msncache
-------\Legacy_ntalme
-------\Legacy_sopidkc
-------\Service_6to4
-------\Service_dhcpsrv
-------\Service_msncache
-------\Service_ntalme
-------\Service_sopidkc
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-14 au 2009-06-14 ))))))))))))))))))))))))))))))))))))
.
2009-06-14 09:16 . 2009-06-14 09:16 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-14 08:48 . 2004-08-04 04:54 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-14 07:10 . 2009-06-14 07:10 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe
2009-06-07 13:04 . 2009-06-07 13:04 75 ----a-w- C:\ACCM1GEN.DAT
2009-06-07 13:03 . 2009-06-07 13:03 -------- d-----w- c:\documents and settings\crsic\WINDOWS
2009-06-03 12:51 . 2009-06-03 12:51 -------- d-----w- c:\program files\Java
2009-06-03 12:51 . 2009-06-03 12:51 -------- d-----w- c:\program files\Fichiers communs\Java
2009-06-03 12:51 . 2009-06-03 12:51 -------- d-----w- c:\documents and settings\crsic\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142070}
2009-06-03 12:47 . 2009-06-03 12:55 -------- d-----w- c:\program files\Greenstone
2009-06-02 12:14 . 2009-06-02 12:14 -------- d-----w- c:\program files\Yahoo! Companion
2009-05-31 07:08 . 2009-06-14 09:14 -------- d-----w- c:\windows\dhcp
2009-05-31 07:05 . 2009-06-07 12:12 0 ----a-w- c:\windows\system32\drivers\cc05f061.sys
2009-05-31 06:59 . 2009-05-31 06:59 9216 ----a-w- C:\d34575e.exe
2009-05-25 10:20 . 2009-05-25 10:20 -------- d-----w- c:\documents and settings\crsic\Application Data\Greenstone
2009-05-25 10:16 . 2009-05-25 10:16 -------- d-----w- c:\documents and settings\crsic\.ov4n
2009-05-25 10:16 . 2009-06-03 12:44 -------- d-----w- c:\documents and settings\crsic\Greenstone2
2009-05-23 12:15 . 2007-06-18 08:38 14848 ----a-w- c:\windows\system32\tpfmxp.dll
2009-05-23 12:15 . 2009-05-23 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\tpfmon
2009-05-23 12:15 . 2009-05-23 12:15 -------- d-----w- c:\program files\Axmapresse
2009-05-23 12:15 . 2009-05-23 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InternetFax
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 09:29 . 2009-04-27 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-14 09:28 . 2009-04-27 08:19 327712 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-14 09:28 . 2009-04-27 08:19 3248 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-14 09:28 . 2009-04-27 08:19 1430048 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-14 09:28 . 2009-04-27 08:19 13300 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-03 13:13 . 2009-04-30 09:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-09 12:06 . 2009-04-28 07:42 -------- d-----w- c:\documents and settings\crsic\Application Data\Skype
2009-05-09 10:57 . 2002-09-07 00:00 49494 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-09 10:57 . 2002-09-07 00:00 370414 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-03 07:14 . 2009-04-26 09:44 73872 ----a-w- c:\documents and settings\crsic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 08:08 . 2009-05-02 07:58 -------- d-----w- c:\program files\Pinnacle
2009-05-02 08:02 . 2009-04-26 11:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-02 07:59 . 2009-05-02 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-05-02 07:57 . 2009-04-26 11:24 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-04-29 09:31 . 2009-04-26 09:19 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 07:42 . 2009-04-28 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-04-28 07:42 . 2009-04-28 07:42 -------- d-----w- c:\program files\Skype
2009-04-27 10:43 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-04-27 10:43 . 2009-04-27 08:20 101287 ----a-w- c:\windows\system32\drivers\klin.dat
2009-04-27 10:43 . 2009-04-27 08:20 89601 ----a-w- c:\windows\system32\drivers\klick.dat
2009-04-27 10:43 . 2009-04-27 10:43 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-04-27 10:43 . 2009-04-27 10:43 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-04-27 10:43 . 2009-04-27 10:43 21256 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-04-27 10:43 . 2009-04-27 10:42 861448 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-04-27 10:42 . 2009-04-27 10:42 83208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-04-27 10:42 . 2009-04-27 10:42 62728 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-04-27 10:42 . 2009-04-27 10:42 43784 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-04-27 10:42 . 2009-04-27 10:42 365832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-04-27 10:42 . 2009-04-27 10:42 201992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-04-27 09:38 . 2009-04-26 09:18 -------- d-----w- c:\program files\Services en ligne
2009-04-27 08:41 . 2009-04-27 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-27 08:36 . 2009-04-27 08:35 -------- d-----w- c:\program files\CCleaner
2009-04-27 08:36 . 2009-04-27 08:35 -------- d-----w- c:\program files\Yahoo!
2009-04-27 08:35 . 2009-04-27 08:35 -------- d-----w- c:\documents and settings\crsic\Application Data\Yahoo!
2009-04-27 08:32 . 2009-04-27 08:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-04-27 08:19 . 2009-04-27 08:19 -------- d-----w- c:\program files\Kaspersky Lab
2009-04-27 08:18 . 2009-04-27 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-27 08:11 . 2009-04-27 08:11 -------- d-----w- c:\program files\epson
2009-04-26 11:26 . 2009-04-26 11:26 -------- d-----w- c:\documents and settings\crsic\Application Data\SmarThru4
2009-04-26 11:26 . 2009-04-26 11:25 -------- d-----w- c:\program files\SmarThru 4
2009-04-26 11:26 . 2009-04-26 11:25 -------- d-----w- c:\program files\Readiris
2009-04-26 11:22 . 2009-04-26 11:22 -------- d-----w- c:\program files\Samsung
2009-04-26 09:20 . 2009-04-26 09:20 -------- d-----w- c:\program files\microsoft frontpage
2009-04-26 09:17 . 2009-04-26 09:17 21892 ----a-w- c:\windows\system32\emptyregdb.dat
1990-01-01 01:01 . 1990-01-01 01:01 53248 --sh--r- c:\windows\system32\lpg32.dll
2004-08-04 04:54 . 2004-08-04 04:54 168509 --sha-r- c:\windows\system32\vfmfedsr.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-27 201992]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_07\bin\jusched.exe" [2005-01-15 32881]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
kasp6.0_ak_refguidefr.pdf [2008-10-9 3524288]
kav6.0fr.pdf [2009-3-4 1699654]
kav6.0_winwksen.pdf [2008-8-11 3057457]
kav6.0_winwksfr.pdf [2007-10-9 4559220]
kav6.0_wseeappschemes_fr.pdf [2009-3-4 491351]
kav6.0_wseeinstallguide_fr.pdf [2009-3-4 2725040]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
kasp6.0_ak_refguidefr.pdf [2008-10-9 3524288]
kav6.0fr.pdf [2009-3-4 1699654]
kav6.0_winwksen.pdf [2008-8-11 3057457]
kav6.0_winwksfr.pdf [2007-10-9 4559220]
kav6.0_wseeappschemes_fr.pdf [2009-3-4 491351]
kav6.0_wseeinstallguide_fr.pdf [2009-3-4 2725040]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9DCB0AE8-633C-B1D2-29E1-3A8A1A15D25A}"= "c:\windows\system32\lpg32.dll" [1990-01-01 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Updater6\\Adobe_Updater.exe"=
"c:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\SmarThru 4\\ControlPanel.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6760:TCP"= 6760:TCP:njqzvyni
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18:29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 20:07 24592]
S1 cc05f061;cc05f061;c:\windows\system32\drivers\cc05f061.sys [31/05/2009 09:05 0]
S2 cwwcvy;Driver Time;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 06:55 14336]
S2 uhhmopz;Helper Shell;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 06:55 14336]
S3 etugvndvr;etugvndvr;\??\c:\windows\system32\[u]0/u1.tmp --> c:\windows\system32\[u]0/u1.tmp [?]
S3 kodkfghwo;kodkfghwo;\??\c:\windows\system32\[u]0/u2.tmp --> c:\windows\system32\[u]0/u2.tmp [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uhhmopz
cwwcvy
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-crsic - c:\documents and settings\crsic\crsic.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.dz/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {3E87828C-26CF-4C8E-A809-FEFC5963A18A} = 193.194.80.116,193.194.64.11
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 11:30
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etugvndvr]
"ImagePath"="\??\c:\windows\system32\[u]0/u1.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kodkfghwo]
"ImagePath"="\??\c:\windows\system32\[u]0/u2.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cwwcvy]
"ServiceDll"="c:\windows\system32\vfmfedsr.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uhhmopz]
"ServiceDll"="c:\windows\system32\vfmfedsr.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,af,73,53,cb,ae,
29,cf,eb,e2,63,26,f1,3f,c8,ff,68,77,23,0a,3f,ad,ee,08,14,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,38,7c,4b,86,1c,
40,e2,1c,6a,9c,d6,61,af,45,84,18,9e,d2,00,0c,6d,26,8c,fd,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,53,07,7e,7b,ee,
fd,8d,b6,ff,7c,85,e0,43,d4,0e,fe,73,ca,24,d1,07,06,47,40,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,13,44,45,53,be,
38,84,92,86,8c,21,01,be,91,eb,e7,a9,c8,6a,bd,68,b4,98,9f,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,7c,ee,44,71,77,
fa,f9,6a,f5,1d,4d,73,a8,13,5c,05,b4,86,ff,5f,78,34,53,7f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,c2,f4,23,e0,e9,
23,6f,7e,df,20,58,62,78,6b,cf,c8,2c,4f,1e,03,37,62,b1,a1,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,85,0c,29,66,cf,
87,f5,4b,fb,a7,78,e6,12,2f,9a,ea,8c,b7,cc,99,44,b6,b1,86,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,b0,c2,22,01,ee,
89,a8,bb,01,3a,48,fc,e8,04,4a,f1,f5,3f,19,11,33,5c,e3,0a,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,e8,db,4f,2c,ce,
a0,a0,e4,f6,0f,4e,58,98,5b,89,c9,a3,f0,1c,d6,c1,98,2b,ed,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a5,c5,26,c5,23,
1c,6b,7c,3d,ce,ea,26,2d,45,aa,78,25,4c,8f,0b,72,26,83,8b,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1c,08,34,3c,14,
8c,41,18,2a,b7,cc,b5,b9,7f,41,e7,a2,dd,2a,cb,ec,66,7b,d0,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,df,68,aa,41,ac,
30,2e,57,6c,43,2d,1e,aa,22,2f,9c,2a,19,23,de,be,6e,07,1b,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\klogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-14 11:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-14 09:32
Avant-CF: 34 057 687 040 octets libres
Après-CF: 34 140 225 536 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
fd,8d,b6,ff,7c,85,e0,43,d4,0e,fe,73,ca,24,d1,07,06,47,40,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,13,44,45,53,be,
38,84,92,86,8c,21,01,be,91,eb,e7,a9,c8,6a,bd,68,b4,98,9f,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,7c,ee,44,71,77,
fa,f9,6a,f5,1d,4d,73,a8,13,5c,05,b4,86,ff,5f,78,34,53,7f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,c2,f4,23,e0,e9,
23,6f,7e,df,20,58,62,78,6b,cf,c8,2c,4f,1e,03,37,62,b1,a1,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,85,0c,29,66,cf,
87,f5,4b,fb,a7,78,e6,12,2f,9a,ea,8c,b7,cc,99,44,b6,b1,86,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,b0,c2,22,01,ee,
89,a8,bb,01,3a,48,fc,e8,04,4a,f1,f5,3f,19,11,33,5c,e3,0a,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,e8,db,4f,2c,ce,
a0,a0,e4,f6,0f,4e,58,98,5b,89,c9,a3,f0,1c,d6,c1,98,2b,ed,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a5,c5,26,c5,23,
1c,6b,7c,3d,ce,ea,26,2d,45,aa,78,25,4c,8f,0b,72,26,83,8b,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1c,08,34,3c,14,
8c,41,18,2a,b7,cc,b5,b9,7f,41,e7,a2,dd,2a,cb,ec,66,7b,d0,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,df,68,aa,41,ac,
30,2e,57,6c,43,2d,1e,aa,22,2f,9c,2a,19,23,de,be,6e,07,1b,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\klogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-14 11:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-14 09:32
Avant-CF: 34 057 687 040 octets libres
Après-CF: 34 140 225 536 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
1 reply
Hi,
You are heavily infected (Virut, rootkits, trojan, via removable media), etc.
*****************************************************************
Driver::
cc05f061
cwwcvy
uhhmopz
etugvndvr
kodkfghwo
Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{9DCB0AE8-633C-B1D2-29E1-3A8A1A15D25A}"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etugvndvr]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kodkfghwo]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cwwcvy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uhhmopz]
FILE::
C:\32788R22FWJFW.0.tmp
C:\ACCM1GEN.DAT
C:\d34575e.exe
c:\windows\system32\drivers\cc05f061.sys
c:\windows\system32\drivers\klick.dat
c:\windows\system32\drivers\klin.dat
c:\windows\system32\lpg32.dll
c:\windows\system32\02.tmp
c:\windows\system32\01.tmp
c:\windows\system32\vfmfedsr.dll
- Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
- Save this file under the name CFScript.txt
- Now drag the CFScript.txt file onto Combofix.exe, like this
This will relaunch Combofix.
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report.
++