ComboFix report: your opinion?

Solved
ade604 Posts: 93 Status: Member -  
jfkpresident Posts: 13877 Status: Security contributor -
Hello, based on this report, do you see anything abnormal?

ComboFix 09-08-30.04 - Adeline 01/09/2009 21:54.3.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.1919.1216 [GMT 2:00]
Running from: c:\users\Adeline\Desktop\antitruc.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-09-01 20:01 . 2009-09-01 20:01 -------- d-----w- c:\users\Adeline\AppData\Local\temp
2009-09-01 20:01 . 2009-09-01 20:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-01 20:01 . 2009-09-01 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-01 20:01 . 2009-09-01 20:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-09-01 18:57 . 2009-09-01 18:57 -------- d-----w- c:\users\Adeline\AppData\Local\Symantec
2009-09-01 17:40 . 2009-08-27 08:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090901.006\NAVENG.SYS
2009-09-01 17:40 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090901.006\EECTRL.SYS
2009-09-01 17:40 . 2009-08-27 08:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090901.006\CCERASER.DLL
2009-09-01 17:40 . 2009-08-27 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090901.006\ECMSVR32.DLL
2009-09-01 17:40 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090901.006\NAVENG32.DLL
2009-09-01 17:40 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090901.006\NAVEX32A.DLL
2009-09-01 17:40 . 2009-08-27 08:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090901.006\NAVEX15.SYS
2009-09-01 17:40 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090901.006\ERASER.SYS
2009-09-01 17:16 . 2009-09-01 17:59 -------- d-----w- c:\users\Adeline\AppData\Roaming\vlc
2009-09-01 17:01 . 2009-09-01 17:01 -------- d-----w- c:\program files\VLC
2009-08-31 19:58 . 2009-08-31 21:32 -------- d-----w- c:\users\Adeline\AppData\Local\Microsoft Games
2009-08-30 17:50 . 2009-08-30 17:50 -------- d-----w- c:\users\Adeline\AppData\Local\Microsoft Help
2009-08-30 17:40 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-30 17:40 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-30 17:40 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-30 17:40 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-30 17:40 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-30 17:40 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-30 17:40 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-30 17:40 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-30 15:42 . 2009-08-30 15:42 -------- d-----w- c:\program files\CCleaner
2009-08-29 19:20 . 2009-08-29 19:20 -------- d-----w- c:\users\Adeline\AppData\Roaming\Microsoft Web Folders
2009-08-29 18:50 . 2009-08-29 18:55 -------- d-----r- C:\cd1
2009-08-29 16:48 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-08-29 16:48 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-27 16:54 . 2009-07-11 23:15 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-27 16:54 . 2009-07-11 23:15 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-27 16:54 . 2009-07-11 23:15 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-27 16:54 . 2009-07-11 23:15 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-27 16:54 . 2009-07-11 23:15 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-27 16:34 . 2009-08-27 16:34 -------- d--h--w- c:\windows\PIF
2009-08-27 15:15 . 2009-08-27 15:15 1961720 ----a-w- c:\users\Adeline\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-27 15:09 . 2009-07-03 16:09 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-27 15:08 . 2009-08-27 15:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-27 15:08 . 2009-08-27 16:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-27 15:08 . 2009-08-27 15:08 -------- d-----w- c:\program files\Symantec
2009-08-27 10:46 . 2009-08-27 10:46 -------- d-----w- C:\utility
2009-08-27 10:45 . 2008-01-21 02:32 -------- d-----w- C:\PerfLogs
2009-08-26 15:45 . 2009-09-01 19:50 -------- d-----w- c:\users\Adeline\Tracing
2009-08-26 15:20 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 15:11 . 2009-08-26 15:11 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-08-26 14:47 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-26 14:47 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-26 14:47 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-26 14:47 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-26 14:47 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-26 14:47 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-26 14:47 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-26 14:25 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-26 14:25 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-26 14:25 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-26 14:24 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-26 14:24 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-26 14:20 . 2009-08-26 14:20 5132604 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-08-26 07:54 . 2009-08-25 00:25 -------- d-----w- c:\windows\RE_DRIVE
2009-08-25 20:26 . 2009-08-25 20:26 -------- d-----w- c:\users\Administrator
2009-08-25 01:24 . 2009-08-25 01:24 -------- d-----w- c:\users\Adeline\Sauvegarde cours du 17.06.09
2009-08-25 01:16 . 2009-08-25 01:16 -------- d-----w- c:\users\Adeline\Sauvegarde cours du 28.04.09
2009-08-25 01:13 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-25 01:13 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-25 01:13 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-25 01:13 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-25 01:13 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-08-25 01:11 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-25 01:11 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-25 01:11 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-25 01:11 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-25 01:11 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-08-25 01:00 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-25 01:00 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-25 01:00 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-25 01:00 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-08-25 01:00 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-08-25 01:00 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-08-25 01:00 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-08-25 01:00 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-25 01:00 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-08-25 00:36 . 2009-08-25 00:36 -------- d-----w- c:\users\Adeline\AppData\Roaming\Ulead Systems
2009-08-24 22:55 . 2009-08-24 22:55 -------- d-----w- c:\users\Adeline\AppData\Local\Toshiba
2009-08-24 22:55 . 2009-08-24 22:55 -------- d-----w- c:\users\Adeline\AppData\Local\ArcSoft
2009-08-24 22:54 . 2009-08-24 22:54 -------- d-----w- c:\users\Adeline\AppData\Roaming\ATI
2009-08-24 22:54 . 2009-08-24 22:54 -------- d-----w- c:\users\Adeline\AppData\Local\ATI
2009-08-24 22:54 . 2009-08-27 15:10 -------- d-----w- c:\users\Adeline\AppData\Roaming\ArcSoft
2009-08-24 22:54 . 2009-08-25 20:03 -------- d-----w- c:\users\Adeline\AppData\Local\Adobe
2009-08-24 22:54 . 2009-05-21 02:06 32850120 ----a-w- c:\windows\system32\msi1366.scr
2009-08-24 22:38 . 2009-08-31 21:48 -------- d-----w- c:\programdata\Ulead Systems
2009-08-24 22:38 . 2009-08-30 16:13 -------- d-----w- c:\users\Adeline\AppData\Local\VirtualStore
2009-08-24 22:35 . 2009-08-26 15:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-24 22:34 . 2009-08-24 22:34 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-24 22:34 . 2008-12-08 15:01 55264 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-08-24 22:34 . 2009-08-24 22:34 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-08-24 22:33 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-08-24 22:33 . 2009-08-24 22:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-24 22:31 . 2009-08-24 22:35 -------- d-----w- c:\program files\Microsoft
2009-08-24 22:31 . 2009-08-24 22:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-24 22:31 . 2009-08-24 22:34 -------- d-----w- c:\program files\Windows Live
2009-08-24 22:29 . 2009-08-24 22:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-24 22:29 . 2009-08-30 17:58 70880 ----a-w- c:\users\Adeline\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-24 22:24 . 2009-08-31 21:41 -------- d-----w- c:\users\Adeline\AppData\Local\Microsoft
2009-08-24 22:24 . 2009-08-31 21:33 -------- d-----w- c:\users\Adeline
2009-08-24 22:24 . 2009-08-24 22:24 -------- d-sh--we c:\users\Adeline\AppData\Local\Temporary Internet Files
2009-08-24 22:24 . 2009-08-24 22:24 -------- d-sh--we c:\users\Adeline\AppData\Local\Historique
2009-08-24 22:24 . 2009-08-24 22:24 -------- d-sh--we c:\users\Adeline\AppData\Local\Application Data
2009-08-24 22:24 . 2006-11-02 12:37 -------- d-----w- c:\users\Adeline\AppData\Roaming\Media Center Programs
2009-08-24 22:21 . 2009-08-24 22:21 -------- d-----w- c:\programdata\WindowsSearch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 19:55 . 2009-07-02 21:06 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-01 19:55 . 2009-07-02 21:06 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-31 21:48 . 2009-07-02 21:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-31 17:09 . 2009-07-03 18:14 -------- d-----w- c:\programdata\Microsoft Help
2009-08-30 19:34 . 2009-07-03 00:35 -------- d-----w- c:\program files\MSI
2009-08-30 17:49 . 2009-07-03 18:23 -------- d-----w- c:\program files\Microsoft Works
2009-08-27 15:12 . 2009-07-03 16:13 -------- d-----w- c:\programdata\ArcSoft
2009-08-27 15:11 . 2009-07-03 16:10 -------- d-----w- c:\programdata\Symantec
2009-08-27 15:10 . 2009-07-03 16:09 -------- d-----w- c:\programdata\Norton
2009-08-27 15:08 . 2009-08-27 15:08 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-27 15:08 . 2009-08-27 15:08 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-26 15:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-24 22:25 . 2009-08-24 22:25 6 ----a-w- c:\windows\silentOnce.tmp
2009-07-21 21:52 . 2009-08-25 01:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-25 01:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-25 01:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-25 01:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-25 01:12 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-11 23:15 . 2009-07-03 16:09 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 23:15 . 2009-07-03 16:09 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 23:15 . 2009-07-03 16:09 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 23:15 . 2009-07-03 16:09 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 23:15 . 2009-07-03 16:09 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-03 21:36 . 2009-07-03 21:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-03 21:16 . 2009-07-03 21:16 -------- d-----w- c:\programdata\TOSHIBA
2009-07-03 20:44 . 2009-07-03 20:44 -------- d-----w- c:\program files\Toshiba
2009-07-03 16:09 . 2009-07-03 16:09 1294680 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-03 16:09 . 2009-07-03 16:09 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-03 16:09 . 2009-07-03 16:09 791920 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-03 16:09 . 2009-07-03 16:09 288104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CPDOEM\CPDOEM.dll
2009-06-10 12:12 . 2009-08-25 01:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:07 . 2009-08-25 01:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-06-05 12:34 . 2009-08-25 01:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-05 10:08 . 2009-08-25 01:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-04 12:34 . 2009-08-25 01:12 2066432 ----a-w- c:\windows\system32\mstscax.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-14 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-06-12 2064384]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-08-27 79232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-9-19 2356552]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C37CF850-F779-4F9D-A344-BF9AB15E29D1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{274D7C5F-B662-4607-A31E-20140E218368}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{538635E4-A3A1-4273-8A3A-4DA5BC9C6CCD}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [03/07/2009 18:09 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [03/07/2009 18:09 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [03/07/2009 18:09 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [27/08/2009 18:54 293424]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [03/07/2009 18:02 159744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [03/07/2009 18:09 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 10:00 102448]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [03/07/2009 23:30 451584]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [03/07/2009 18:09 40496]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [03/07/2009 18:14 17920]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [25/08/2009 00:34 55264]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [08/12/2008 17:01 533344]
S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\System32\drivers\rtl819xp.sys [03/07/2009 22:40 496640]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{E1B5B4C6-0423-48FC-AFE5-84BCFDE5B5F4}.job
- c:\windows\system32\msfeedssync.exe [2009-08-25 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 22:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\Adeline\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-01 22:05
ComboFix-quarantined-files.txt 2009-09-01 20:04

Pre-Run: 12 234 620 928 octets libres
Post-Run: 12 196 691 968 octets libres

258 --- E O F --- 2009-08-31 17:10

THANKS
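As an added example (not code from the thread or from ComboFix itself), a small Python parser for the two parts of a ComboFix report that matter most when triaging it: the "Files Created" entries and the firewall-policy registry keys. The sample lines are constructed in the report's layout; the meaning of the attribute-flag positions (directory, system, hidden) is my reading of that layout and is an assumption, not something the report documents.

```python
import re

# Constructed sample in ComboFix's "created . modified size attrs path" layout
# (not copied from the poster's report).
SAMPLE_FILES = """\
2009-09-01 20:01 . 2009-09-01 20:01 -------- d-----w- c:\\users\\Alice\\AppData\\Local\\temp
2009-08-24 22:24 . 2009-08-24 22:24 -------- d-sh--we c:\\users\\Alice\\AppData\\Local\\History
2009-08-30 17:40 . 2009-06-15 15:23 1256448 ----a-w- c:\\windows\\system32\\lsasrv.dll
2009-09-01 21:59 . 2009-09-01 21:59 53248 ---ha-w- c:\\users\\Alice\\AppData\\Local\\Temp\\sample.exe
"""

# Constructed firewall-policy fragment in the report's REGEDIT4-style layout.
SAMPLE_REG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\StandardProfile]
"EnableFirewall"= 1 (0x1)
"""

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')


def parse_file_entries(text):
    """Parse "Files Created"/"Find3M" lines into dicts.
    Assumed flag positions: [0] 'd' = directory, [2] 's' = system, [3] 'h' = hidden."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue  # section banners, dots and blank lines
        attrs = m["attrs"]
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": attrs[0] == "d",
            "system": attrs[2] == "s",
            "hidden": attrs[3] == "h",
            "path": m["path"],
        })
    return entries


def suspicious_files(entries):
    """Heuristic, not a verdict: hidden executables, or hidden files under a Temp folder."""
    flagged = []
    for e in entries:
        if e["is_dir"] or not e["hidden"]:
            continue
        low = e["path"].lower()
        if "\\temp\\" in low or low.endswith((".exe", ".dll", ".sys")):
            flagged.append(e["path"])
    return flagged


def firewall_profiles_disabled(text):
    """Return the firewall profiles whose EnableFirewall value is 0."""
    disabled, key = [], None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            continue
        vm = VAL_RE.match(line)
        if vm and key and "firewallpolicy" in key.lower() and vm["name"] == "EnableFirewall":
            if int(vm["value"]) == 0:
                disabled.append(key.rsplit("\\", 1)[-1])
    return disabled
```

Run it over a full report with `parse_file_entries(open("ComboFix.txt").read())`; entries that do not match the file layout are skipped, so the whole log can be fed in.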

2 replies

jfkpresident Posts: 13877 Status: Security contributor 1 175

Good evening,

What is your problem, and above all: "Why did you run ComboFix?"
ade604 Posts: 93 Status: Member 10

Big problems on this computer. Infected by Brontok. As a result the antivirus keeps asking to delete files, to no avail.
ade604 Posts: 93 Status: Member 10

Sorry, I posted the wrong report (I am dealing with 2 computers at the same time). This one is for the laptop, infected by Rontokbro. I have taken many steps; the virus, and therefore the antivirus, had stopped showing up, but now it is back.
I am just asking whether you know how to interpret these reports, nothing more...
jfkpresident Posts: 13877 Status: Security contributor 1 175

I am just asking whether you know how to interpret these reports, nothing more...


That is not the kind of report you interpret to find out whether the machine is infected.

ComboFix is for dealing with rootkit families.

If you want to check your PC, do this:

Download random's system information tool (RSIT) by random/random from here:

http://images.malwareremoval.com/random/RSIT.exe

and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the Disclaimer screen, then click Continue (if you accept the terms).

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimised to the taskbar).

NB: the reports are saved in the folder C:\rsit

Illustrated help if needed