lecyure d un rapport combofix

[libouner]

salut,voici le rapport d un ami qui n est pas arrivé a s enregistrer,merci de l etudier et de me dire si il y a un probleme,l analyse a ete faite une fois avec combofix,je lui ais desinstaler,merci d avance pour lui,a bientot

 

voici le rapport:

 

ComboFix 09-10-01.05 - BENJI 02/10/2009 21:39.1.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.316 [GMT 2:00]

Lancé depuis: c:\documents and settings\BENJI\Mes documents\ComboFix.exe

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\BENJI\Bureau\S-curit-routi-re(2).mpg

c:\documents and settings\BENJI\Bureau\S-curit-routi-re(2).mpg

c:\documents and settings\BENJI\Bureau\S-curit-routi-re.mpg

c:\documents and settings\BENJI\Bureau\S-curit-routi-re.mpg

c:\program files\internetgamebox

c:\program files\internetgamebox\InternetGameBox.exe

c:\program files\internetgamebox\language

c:\program files\internetgamebox\ressources\AttenteOff.html

c:\program files\internetgamebox\ressources\AttenteOn.html

c:\program files\internetgamebox\ressources\configv2_en.xml

c:\program files\internetgamebox\ressources\configv2_es.xml

c:\program files\internetgamebox\ressources\configv2_fr.xml

c:\program files\internetgamebox\ressources\favoris\defaultv2.swf

c:\program files\internetgamebox\skins\skinv2.skn

c:\windows\Installer\1c5406.msi

c:\windows\Installer\1c540e.msi

c:\windows\system32\_005973_.tmp.dll

c:\windows\system32\_005974_.tmp.dll

c:\windows\system32\_005975_.tmp.dll

c:\windows\system32\_005976_.tmp.dll

c:\windows\system32\_005983_.tmp.dll

c:\windows\system32\_005984_.tmp.dll

c:\windows\system32\_005985_.tmp.dll

c:\windows\system32\_005986_.tmp.dll

c:\windows\system32\_005988_.tmp.dll

c:\windows\system32\_005989_.tmp.dll

c:\windows\system32\_005992_.tmp.dll

c:\windows\system32\_005993_.tmp.dll

c:\windows\system32\_005995_.tmp.dll

c:\windows\system32\_005996_.tmp.dll

c:\windows\system32\_005997_.tmp.dll

c:\windows\system32\_005999_.tmp.dll

c:\windows\system32\_006002_.tmp.dll

c:\windows\system32\_006003_.tmp.dll

c:\windows\system32\_006007_.tmp.dll

c:\windows\system32\_006008_.tmp.dll

c:\windows\system32\_006010_.tmp.dll

c:\windows\system32\_006013_.tmp.dll

c:\windows\system32\_006015_.tmp.dll

c:\windows\system32\_006016_.tmp.dll

c:\windows\system32\_006017_.tmp.dll

c:\windows\system32\_006018_.tmp.dll

c:\windows\system32\_006019_.tmp.dll

c:\windows\system32\_006022_.tmp.dll

c:\windows\system32\_006023_.tmp.dll

c:\windows\system32\_006024_.tmp.dll

c:\windows\system32\_006025_.tmp.dll

c:\windows\system32\_006026_.tmp.dll

c:\windows\system32\_006031_.tmp.dll

c:\windows\system32\AutoRun.inf

c:\windows\system32\nvs2.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-02 au 2009-10-02 ))))))))))))))))))))))))))))))))))))

.

 

2009-10-02 18:18 . 2009-10-02 18:18 -------- d-----w- c:\documents and settings\BENJI\Application Data\Auslogics

2009-10-02 18:18 . 2009-10-02 18:18 -------- d-----w- c:\program files\Auslogics

2009-09-19 09:15 . 2009-09-19 09:16 -------- d-----w- c:\program files\Google

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-02 19:57 . 2008-05-02 09:49 48068640 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-10-02 19:57 . 2008-05-02 09:49 1657888 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-10-02 19:48 . 2008-05-02 09:49 156428 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-10-02 19:48 . 2008-05-02 09:49 644780 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-10-02 14:51 . 2008-01-21 12:04 -------- d-----w- c:\program files\eMule

2009-10-02 04:41 . 2009-04-30 14:00 158414 ----a-w- c:\windows\hpoins15.dat

2009-10-02 04:30 . 2008-05-02 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-09-22 18:55 . 2008-05-02 09:50 107547 ----a-w- c:\windows\system32\drivers\klin.dat

2009-09-22 18:55 . 2008-05-02 09:50 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2009-08-05 09:06 . 2002-11-12 17:10 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 18:56 . 2002-11-12 17:09 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2007-09-07 11:55 286208 ----a-w- c:\windows\system32\wmpdxm.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-19 39408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="NvQTwk" [X]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]

"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 155648]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-07-16 106549]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"etMonitor"="c:\windows\etMon.exe" [2005-10-12 36864]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-03-26 364544]

"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2002-06-06 28672]

"ATIPTA"="atiptaxx.exe" - c:\program files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe [2002-06-21 290816]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\zzzzzz\\Nouveau dossier\\Nouveau dossier\\eMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"33500:TCP"= 33500:TCP:emule

 

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 14:58 24344]

S3 asbp2poa;asbp2poa;\??\c:\docume~1\BENJI\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\BENJI\LOCALS~1\Temp\asbp2poa.sys [?]

S3 DCamUSBET;ET USB 2750 Camera;c:\windows\system32\drivers\etDevice.sys [30/12/2007 16:46 106496]

S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [30/12/2007 16:46 160128]

S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [30/12/2007 16:46 6016]

S3 v800bus;Sony Ericsson V800-Vodafone 802SE driver (WDM);c:\windows\system32\drivers\v800bus.sys [08/09/2007 15:32 52416]

S3 v800obex;Sony Ericsson V800-Vodafone 802SE USB WMC OBEX Interface;c:\windows\system32\drivers\v800obex.sys [08/09/2007 15:37 75584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2008-08-13 c:\windows\Tasks\Connexion facile à Internet.job

- c:\program files\Hewlett-Packard\EZ Internet Signup\HPSdpApp.exe [2002-01-01 03:10]

 

2009-10-02 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-17 13:47]

 

2009-10-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.orange.fr

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?7cfc31d8454e4fa9a6316b5a80183525

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?7cfc31d8454e4fa9a6316b5a80183525

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} - hxxp://mannequin.redoute.fr/activex/Mannequin.cab

FF - ProfilePath - c:\documents and settings\BENJI\Application Data\Mozilla\Firefox\Profiles\5imxphdt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)

FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-WOOKIT - c:\progra~1\Wanadoo\Shell.exe

HKLM-Run-PS2 - c:\windows\system32\ps2.exe

Notify-dimsntfy - (no file)

AddRemove-Python 2.2 combined Win32 extensions - c:\python22\Lib\SITE-P~1\UNWISE~1.EXE

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-02 21:56

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040210900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(968)

c:\windows\system32\klogon.dll

 

- - - - - - - > 'explorer.exe'(2920)

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wscntfy.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Heure de fin: 2009-10-02 22:05 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-10-02 20:05

 

Avant-CF: 22 117 761 024 octets libres

Après-CF: 22 624 710 656 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 

232 --- E O F --- 2009-09-14 19:29