lecture rapport ComboFix

[jeje77]

Salut tout le monde !!!

 

voila j'avais un petit soucis, je ne pouvais plus démarrer une session Windows en mode sans échec, et des fenêtres internet s'ouvraient intempestivement quand j'allais sur Firefox (site de jeux en ligne, site XXX entre autre ...).

 

On m'a conseiller de lancer combofix, je l'ai fait et suite au scan de combofix, la console de récupération de windows à été installée et je peut de nouveau redémarrer en mode sans échec et les fenetres ne s'ouvrent plus anormalement.

 

Je poste le résultat du san car j'aurais voulus savoir si tout est normal.

 

D'avance merci pour les éventuelles réponses.

 

 

ComboFix 08-11-12.02 - Jerome 2008-11-14 12:47:22.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.569 [GMT 1:00]

Lancé depuis: c:\documents and settings\Jerome\Bureau\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Jerome\Application Data\inst.exe

c:\windows\system32\Copie de pgckejvk.dll

c:\windows\system32\dao350.dll

c:\windows\system32\drivers\winfilse.exe

c:\windows\system32\ebbaaddfa8_z.dll

c:\windows\system32\ehcxpqcn.ini

c:\windows\system32\fnbvwakp.ini

c:\windows\system32\Gjkkkjjl.ini

c:\windows\system32\Gjkkkjjl.ini2

c:\windows\system32\hpkvjf.dll

c:\windows\system32\jpjamlsi.dll

c:\windows\system32\kvjekcgp.ini

c:\windows\system32\ljjkkkjG.dll

c:\windows\system32\mbvcdd.dll

c:\windows\system32\mUwxHRqr.ini2

c:\windows\system32\ncqpxche.dll

c:\windows\system32\nzfjas.dll

c:\windows\system32\pjqwva.dll

c:\windows\system32\qairjogl.ini

c:\windows\system32\sxamwaym.dll

c:\windows\system32\taemuudq.ini

c:\windows\system32\urlcwhtp.dll

c:\windows\system32\VDcIlnnn.ini

c:\windows\system32\VDcIlnnn.ini2

c:\windows\system32\wkcaknga.exe

c:\windows\system32\xqifdwvb.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-14 au 2008-11-14 ))))))))))))))))))))))))))))))))))))

.

 

2008-11-13 19:15 . 2008-11-13 19:15 68,096 --a------ c:\windows\system32\pgckejvk.zzz

2008-11-13 18:16 . 2008-11-13 18:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Uniblue

2008-11-13 17:59 . 2008-11-13 18:01 2,015 -r-h----- c:\windows\system32\drivers\hosts

2008-11-11 12:30 . 2008-11-11 12:30 7,186 --a------ c:\windows\system32\%LocalXml%

2008-11-06 21:06 . 2008-11-06 21:07 7,168 --a------ c:\windows\system32\drivers\srosa2.sys

2008-10-25 16:19 . 2008-11-06 16:20 <REP> d-------- c:\program files\ViaMichelin

2008-10-20 19:51 . 2008-10-20 19:51 <REP> d----c--- c:\windows\system32\DRVSTORE

2008-10-20 19:51 . 2008-10-20 19:51 <REP> d-------- c:\program files\AMD

2008-10-20 19:51 . 2006-07-01 21:42 43,520 --a------ c:\windows\system32\drivers\AmdK8.sys

2008-10-20 19:47 . 2008-10-07 12:33 201,157 --a------ c:\windows\system32\nvapps.nvb

2008-10-20 18:30 . 2008-10-20 18:30 <REP> d--h----- c:\windows\PIF

2008-10-20 17:55 . 2008-10-20 17:56 <REP> d-------- c:\program files\ma-config.com

2008-10-20 17:55 . 2008-10-20 17:55 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com

2008-10-18 14:17 . 2008-10-18 14:17 <REP> d-------- c:\program files\MSECache

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-14 12:03 --------- d-----w c:\documents and settings\Jerome\Application Data\Spamihilator

2008-11-14 12:01 983,072 --sha-w c:\windows\system32\drivers\fidbox2.dat

2008-11-14 12:01 8,632 --sha-w c:\windows\system32\drivers\fidbox2.idx

2008-11-14 12:01 7,433,248 --sha-w c:\windows\system32\drivers\fidbox.dat

2008-11-14 12:01 63,344 --sha-w c:\windows\system32\drivers\fidbox.idx

2008-11-14 12:01 --------- d-----w c:\program files\FlashGet

2008-11-14 10:53 --------- d-----w c:\program files\Mozilla Thunderbird

2008-11-14 07:32 --------- d-----w c:\program files\eMule

2008-11-14 06:34 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab

2008-11-13 17:16 --------- d-----w c:\documents and settings\Jerome\Application Data\Uniblue

2008-11-07 09:35 --------- d-----w c:\program files\ZebHelpProcess 2

2008-11-06 15:19 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-25 17:03 --------- d-----w c:\program files\Microsoft ActiveSync

2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-20 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-10-13 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution

2008-10-04 17:05 694,800 ----a-w c:\windows\unins000.exe

2008-10-04 10:03 694,800 ----a-w c:\windows\unins002.exe

2008-10-04 10:03 694,800 ----a-w c:\windows\unins001.exe

2008-10-04 10:00 --------- d-----w c:\program files\Fmrid

2008-10-01 10:23 --------- d-----w c:\documents and settings\Jerome\Application Data\Droppix

2008-10-01 10:23 --------- d-----w c:\documents and settings\All Users\Application Data\Droppix

2008-10-01 10:22 --------- d-----w c:\program files\Fichiers communs\Droppix

2008-10-01 10:22 --------- d-----w c:\program files\Droppix

2008-10-01 10:01 --------- d-----w c:\program files\Fichiers communs\Nero

2008-10-01 10:01 --------- d-----w c:\documents and settings\All Users\Application Data\Nero

2008-10-01 09:25 --------- d-----w c:\program files\Fichiers communs\LightScribe

2008-10-01 07:26 --------- d-----w c:\program files\Philips

2008-10-01 07:26 --------- d-----w c:\documents and settings\All Users\Application Data\Philips

2008-10-01 05:58 --------- d-----w c:\program files\SiSoftware

2008-09-30 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe

2008-09-22 17:54 --------- d-----w c:\program files\HT Video Editor 6.0

2008-09-22 17:47 --------- d-----w c:\program files\AVSMedia

2008-09-21 17:15 --------- d-----w c:\program files\AVS4YOU

2008-09-19 10:04 --------- d-----w c:\program files\Paragon Software

2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-08-28 10:26 665,088 ----a-w c:\windows\system32\spsplib1.dll

2008-08-27 06:54 2,322,176 ----a-w c:\windows\system32\TUKernel.exe

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-14 13:44 2,182,400 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:44 2,059,776 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-04-01 07:28 47,360 ----a-w c:\documents and settings\Jerome\Application Data\pcouffin.sys

2006-10-28 17:55 108 --sha-r c:\windows\neoqaz2.dll

2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll

2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue RegistryBooster 2"="d:\utilitaires\Hopital PC\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 1885464]

"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]

"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-04-22 154880]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-08-28 1223680]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\\WINDOWS\\system32\\logonuiX.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"VIDC.XVID"= xvid.dll

"MSACM.CEGSM"= mobilev.acm

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Uniblue RegistryBooster 2"=d:\utilitaires\Hopital PC\RegistryBooster 2\RegistryBooster.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"=

"<NO NAME>"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

"c:\\Program Files\\Spamihilator\\cdcc.exe"=

"c:\\Program Files\\Spamihilator\\dccproc.exe"=

"c:\\Program Files\\Spamihilator\\spamihilator.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]

R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe [2004-08-19 14336]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]

R3 pelmouse;Mouse Suite Driver;c:\windows\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]

R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]

S1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\DRIVERS\NetBurn.sys [2007-02-21 84752]

S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);c:\windows\system32\DRIVERS\archbus.sys [2005-08-30 52480]

S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;c:\windows\system32\DRIVERS\archmdfl.sys [2005-08-30 6032]

S3 archmdm;NEC WMC USB_BJ1 Modem Drivers;c:\windows\system32\DRIVERS\archmdm.sys [2005-08-30 87360]

S3 archobex;NEC WMC USB_BJ1 OBEX Interface Drivers (WDM);c:\windows\system32\DRIVERS\archobex.sys [2005-08-30 76976]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-08 98488]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-04-23 354560]

S4 SG_Service;SoftGuard Service;c:\program files\Fichiers communs\RbtProt\sgsrv.exe [2005-04-25 155648]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\Setupx.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e58ec8c-7037-11dd-8f5b-0015f21700a0}]

\Shell\AutoRun\command - i:\programs\nu2menu\nu2menu.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"

.

Contenu du dossier 'Tâches planifiées'

 

2008-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

 

2008-11-13 c:\windows\Tasks\Uniblue SpyEraser Nag.job

- d:\utilitaires\Hopital PC\SpyEraser\SpyEraser.exe [2007-12-03 15:39]

 

2008-11-13 c:\windows\Tasks\Uniblue SpyEraser.job

- d:\utilitaires\Hopital PC\SpyEraser\SpyEraser.exe [2007-12-03 15:39]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{0F2554C0-29A8-4199-8639-7B7F038A9CD3} - c:\windows\system32\nnnlIcDV.dll

BHO-{8ECD5D8E-C2EE-4F87-B387-A48C26E04433} - c:\windows\system32\ljjkkkjG.dll

BHO-{b7d6a564-98c3-4c5f-bd06-6d43d70fe2dc} - c:\windows\system32\hpkvjf.dll

HKLM-Run-30ddfabe - c:\windows\system32\pgckejvk.dll

 

 

.

------- Examen supplémentaire -------

.

FireFox -: Profile - c:\documents and settings\Jerome\Application Data\Mozilla\Firefox\Profiles\15uznzdb.default\

FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF -: plugin - c:\documents and settings\Jerome\Application Data\Mozilla\Firefox\Profiles\15uznzdb.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-14 13:03:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\LightScribe\LSSrvc.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Heure de fin: 2008-11-14 13:07:08 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-11-14 12:07:02

 

Avant-CF: 18 601 078 784 octets libres

Après-CF: 19,863,400,448 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /TUTag=1256XN /Kernel=TUKernel.exe

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=1256XN-BAK

 

230 --- E O F --- 2008-10-31 18:30:51

[angelique]

tu restes dans ton sujet initialement crée!! merci

 

http://forum.malekal.com/viewtopic.php?f=2...66d64d069110221