How to analyze ComboFix reports

Closed
jelil99 - 9 Nov. 2009 at 15:25
sherred Posts: 8346 Registration date: Saturday 26 January 2008 Status: Member Last seen: 25 March 2024 - 9 Nov. 2009 at 16:12
Hello,
ComboFix 09-11-04.05 - gescom 09/11/2009 13:01.3.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.966.1036.18.503.199 [GMT 0:00]
Running from: c:\documents and settings\gescom\Mes documents\ComboFix.exe
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Pare-feu BitDefender *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-10-22 12:03 . 2009-10-22 12:03 -------- d-----w- c:\documents and settings\Invité

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 12:49 . 2009-01-20 08:50 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-27 16:03 . 2008-11-12 12:10 -------- d-----w- c:\documents and settings\gescom\Application Data\Skype
2009-10-25 11:55 . 2006-08-31 09:52 -------- d-----w- c:\program files\المكتبة الشاملة
2009-09-28 17:46 . 2009-09-28 17:46 -------- d-----r- c:\program files\Skype
2009-09-28 17:46 . 2008-11-12 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-27 10:41 . 2008-11-12 12:40 -------- d-----w- c:\documents and settings\gescom\Application Data\skypePM
2009-09-24 15:57 . 2008-12-15 11:36 -------- d-----w- c:\program files\ma-config.com
2009-09-23 12:04 . 2009-09-23 12:04 -------- d-----w- c:\documents and settings\gescom\Application Data\True Sword
2009-09-23 10:17 . 2009-08-19 12:01 -------- d-----w- c:\program files\REALTEK
2009-09-11 14:34 . 2001-12-15 01:08 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:26 . 2008-12-15 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-09-04 20:46 . 2001-12-15 01:08 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:15 . 2001-12-15 01:10 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 12:52 . 2008-10-17 14:01 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-08-19 12:02 . 2009-08-19 12:02 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-04-07 08:55 . 2009-09-24 09:22 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-08-23 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-07 69632]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-20 151597]
"CAPON"="c:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-14 22528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Fenêtre d'état Canon LBP-810.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2001-2-14 114688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitDefender\\BitDefender 2009\\seccenter.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [04/09/2008 16:33 82696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [19/08/2009 12:01 38144]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18/09/2008 11:09 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [17/10/2008 14:01 104456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/09/2009 08:07 234864]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 6D5C77EE
*NewlyCreated* - 912CE397
*Deregistered* - 6d5c77ee
*Deregistered* - 912ce397
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{75C2C537-2E50-408A-A700-097377BA7192}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\gescom\Application Data\Mozilla\Firefox\Profiles\hfzfwxxp.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 13:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4168)
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-09 13:12
ComboFix-quarantined-files.txt 2009-11-09 13:12
ComboFix2.txt 2009-11-09 12:34

Pre-Run: 29 743 472 640 octets libres
Post-Run: 29 695 451 136 octets libres
1 reply

sherred Posts: 8346 Registration date: Saturday 26 January 2008 Status: Member Last seen: 25 March 2024 350
9 Nov. 2009 at 16:12
But why did you run ComboFix?
You took risks; this tool is dangerous. You must have had a reason.
0