Analyse d'un rapport ComboFix

[Martatin]

Bonjour,

Je souhaiterais de l'aide pour analyser le rapport obtenu après un scan de combofix sur mon pc.

Mes capacités en informatique sont trop limitées pour comprendre le contenu de ce rapport.

Merci par avance pour les réponses,

Bonne soirée,

 

Martatin

 

 

ComboFix 09-11-13.02 - Martin 12/11/2009 19:15.1.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.511.234 [GMT 1:00]

Lancé depuis: c:\documents and settings\Martin\Bureau\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-12 au 2009-11-12 ))))))))))))))))))))))))))))))))))))

.

 

2009-11-12 18:06 . 2002-11-14 19:43 221184 -c--a-w- c:\windows\system32\dllcache\srrstr.dll

2009-11-12 18:06 . 2002-11-14 19:43 221184 ----a-w- c:\windows\system32\srrstr.dll

2009-11-12 13:54 . 2009-11-12 13:54 -------- d-s---w- c:\documents and settings\Martin\UserData

2009-11-12 12:07 . 2009-11-12 12:07 -------- d-----w- c:\windows\system32\bits

2009-11-12 11:58 . 2004-07-01 22:08 331776 ----a-w- c:\windows\system32\winhttp.dll

2009-11-12 11:58 . 2004-07-01 22:08 7680 -c----w- c:\windows\system32\dllcache\bitsprx2.dll

2009-11-12 11:58 . 2004-07-01 22:08 7680 ------w- c:\windows\system32\bitsprx2.dll

2009-11-12 11:58 . 2004-07-01 22:08 7168 -c----w- c:\windows\system32\dllcache\bitsprx3.dll

2009-11-12 11:58 . 2004-07-01 22:08 7168 ------w- c:\windows\system32\bitsprx3.dll

2009-11-12 11:58 . 2004-07-01 22:08 360960 -c--a-w- c:\windows\system32\dllcache\qmgr.dll

2009-11-12 11:58 . 2004-07-01 22:08 17408 -c--a-w- c:\windows\system32\dllcache\qmgrprxy.dll

2009-11-12 11:58 . 2004-07-01 22:08 17408 ----a-w- c:\windows\system32\qmgrprxy.dll

2009-11-12 11:51 . 2008-10-16 13:13 202776 ----a-w- c:\windows\system32\wuweb.dll

2009-11-12 11:51 . 2008-10-16 13:12 323608 ----a-w- c:\windows\system32\wucltui.dll

2009-11-12 11:51 . 2008-10-16 13:12 561688 ----a-w- c:\windows\system32\wuapi.dll

2009-11-12 11:51 . 2008-10-16 13:08 34328 ----a-w- c:\windows\system32\wups.dll

2009-11-12 11:51 . 2004-08-03 13:00 187160 ----a-w- c:\windows\system32\wuaueng1.dll

2009-11-12 11:51 . 2004-08-03 12:59 170776 ----a-w- c:\windows\system32\wuauclt1.exe

2009-11-12 11:49 . 2009-11-12 11:49 -------- d-----w- c:\documents and settings\Martin\Application Data\Malwarebytes

2009-11-12 11:49 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-12 11:49 . 2009-11-12 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-12 11:49 . 2009-09-10 13:53 18520 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-12 11:49 . 2009-11-12 11:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-11 20:46 . 2009-11-11 20:46 -------- d-----w- c:\program files\AC3Filter

2009-11-11 20:45 . 2009-11-11 20:45 -------- d-----w- c:\program files\Fichiers communs\Elecard

2009-11-11 20:45 . 2009-11-11 20:45 -------- d-----w- c:\program files\Elecard

2009-11-11 20:44 . 2009-11-11 20:44 -------- d-----w- c:\program files\XviD

2009-11-11 15:01 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-11 15:01 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-11 15:01 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-11-11 15:01 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-11-11 15:01 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-11-11 15:01 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-11 15:01 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-11 15:01 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-11 15:01 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll

2009-11-11 15:01 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll

2009-11-11 15:01 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll

2009-11-11 15:01 . 2009-11-11 15:01 -------- d-----w- c:\program files\Alwil Software

2009-11-11 14:21 . 2009-11-11 14:21 -------- d-----w- c:\program files\Lavasoft

2009-11-11 14:00 . 2009-11-11 14:00 -------- d-----w- c:\documents and settings\Martin\DoctorWeb

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-11 20:51 . 2001-08-28 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat

2009-11-11 20:51 . 2001-08-28 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat

2009-11-11 20:51 . 2009-11-11 10:26 -------- d-----w- c:\program files\Services en ligne

2009-11-11 11:26 . 2009-11-11 11:26 -------- d-----w- c:\program files\VideoLAN

2009-11-11 11:16 . 2009-11-11 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-11-11 11:09 . 2009-11-11 11:09 0 ----a-w- c:\windows\nsreg.dat

2009-11-11 10:59 . 2009-11-11 10:59 18718 ----a-r- c:\documents and settings\Martin\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\NewShortcut3_8315396A5EA1419DBEC4978284BDF556.exe

2009-11-11 10:59 . 2009-11-11 10:59 18718 ----a-r- c:\documents and settings\Martin\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe

2009-11-11 10:59 . 2009-11-11 10:59 18718 ----a-r- c:\documents and settings\Martin\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe

2009-11-11 10:59 . 2009-11-11 10:59 18718 ----a-r- c:\documents and settings\Martin\Application Data\Microsoft\Installer\{532EFE70-19BC-4F0F-8F50-D5F15C243133}\ARPPRODUCTICON.exe

2009-11-11 10:59 . 2009-11-11 10:59 -------- d-----w- c:\program files\Kerio

2009-11-11 10:59 . 2009-11-11 10:59 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2009-11-11 10:57 . 2009-11-11 10:57 -------- d-----w- c:\documents and settings\Martin\Application Data\Apple Computer

2009-11-11 10:57 . 2009-11-11 10:57 -------- d-----w- c:\program files\iTunes

2009-11-11 10:57 . 2009-11-11 10:57 -------- d-----w- c:\program files\iPod

2009-11-11 10:57 . 2009-11-11 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-11-11 10:57 . 2009-11-11 10:57 -------- d-----w- c:\program files\QuickTime

2009-11-11 10:57 . 2009-11-11 10:56 -------- d-----w- c:\program files\Apple Software Update

2009-11-11 10:56 . 2009-11-11 10:56 -------- d-----w- c:\program files\SuperCopier

2009-11-11 10:53 . 2009-11-11 10:53 -------- d-----w- c:\program files\directx

2009-11-11 10:52 . 2009-11-11 10:52 -------- d-----w- c:\documents and settings\Martin\Application Data\AdobeUM

2009-11-11 10:52 . 2009-11-11 10:52 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-11-11 10:48 . 2009-11-11 10:48 -------- d-----w- c:\program files\D-Tools

2009-11-11 10:29 . 2009-11-11 10:29 -------- d-----w- c:\program files\microsoft frontpage

2009-11-11 10:28 . 2009-11-11 10:20 1536 ----a-w- c:\windows\system32\TrueSoft.dat

2009-11-11 10:28 . 2009-11-11 10:20 456 ----a-w- c:\windows\system32\pthsp.dat

2009-11-11 10:28 . 2009-11-11 10:28 80007 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat

2009-11-11 10:26 . 2009-11-11 10:26 21892 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier.exe"="c:\program files\SuperCopier\SuperCopier.exe" [2003-04-24 683520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-14 257088]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-08-28 13312]

 

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [11/11/2009 12:16 22360]

R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27/04/2003 12:39 8704]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/11/2009 16:01 114768]

R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [11/11/2009 12:16 45416]

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21/03/2005 15:39 270336]

R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [27/04/2003 11:43 99360]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - MBR

*NewlyCreated* - PROCEXP113

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Contenu du dossier 'Tâches planifiées'

 

2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com/

FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\16mn0yzh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-Cmaudio - cmicnfg.cpl

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-12 19:18

Windows 5.1.2600 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81E46380]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\atapi -> 0x81e46380

Warning: possible MBR rootkit infection !

user & kernel MBR OK

Use "Recovery Console" command "fixmbr" to clear infection !

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(660)

c:\windows\system32\ODBC32.dll

c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

 

- - - - - - - > 'lsass.exe'(716)

c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

c:\windows\System32\dssenh.dll

 

- - - - - - - > 'explorer.exe'(3720)

c:\windows\system32\WS2_32.dll

c:\windows\system32\WS2HELP.dll

.

Heure de fin: 2009-11-12 19:19

ComboFix-quarantined-files.txt 2009-11-12 18:19

 

Avant-CF: 18 147 667 968 octets libres

Après-CF: 18 182 774 784 octets libres

 

WinXP_FR_PRO_BF.EXE

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect

 

- - End Of File - - 112572D60E2FD85B2AACDBB2B071EF74