Need help with Total Security virus

Maudbilou Posts 2 Status Member
Hello,

So, the Total Security virus has installed itself on my computer. I don't really know much about computers, but I downloaded the ComboFix software as recommended in some posts. I followed the instructions and I now have the report, so since I'm a bit desperate, I would like to know whether I can send this report to someone, hoping that you will be able to do something. I don't really understand the purpose of posting this report because I don't know how you will be able to step in, but in any case I thank you in advance if someone can do something or if you can tell me the steps to follow based on it.

Looking forward to your help

Maud

2 replies

Lil-Breakeur Posts 123 Status Member 4
 
If you post the report, we'll know where it is and how to respond.
Maudbilou Posts 2 Status Member
 
Here it is, thank you

ComboFix 09-08-22.06 - adm_sogeti 23/08/2009 20:01.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1033.18.1014.383 [GMT 2:00]
Running from: d:\profiles\adm_sogeti\Desktop\caty.exe
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SfX

((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 17:58 . 2009-08-23 18:00 -------- d-s---w- C:\combofix
2009-08-21 21:03 . 2009-08-21 21:03 0 ----a-w- c:\windows\ex1234.dat
2009-08-19 09:38 . 2009-08-19 09:38 1 ----a-w- c:\windows\ectbbyn.dat
2009-08-19 09:32 . 2009-08-19 09:32 38016 ----a-w- c:\windows\system32\drivers\DnsFilter.sys
2009-08-19 09:32 . 2009-08-19 09:32 -------- d-----w- c:\program files\DDnsFilter
2009-08-19 09:32 . 2009-08-19 09:32 1 ---h--w- c:\windows\mmsmark2.dat
2009-08-19 09:32 . 2009-08-19 09:32 1 ---h--w- c:\windows\ex23567.dat
2009-07-26 18:39 . 2009-07-26 18:39 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 18:13 . 2007-12-20 23:08 -------- d-----w- c:\program files\Wanadoo
2009-07-22 12:05 . 2009-07-22 12:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-07-22 12:05 . 2009-07-22 12:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-22 12:03 . 2009-07-22 11:46 -------- d-----w- c:\program files\Motorola Phone Tools
2009-07-22 11:59 . 2009-07-22 11:59 -------- d-----w- c:\program files\Avanquest update
2009-07-22 11:59 . 2007-01-29 10:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 11:53 . 2009-07-22 11:46 -------- d-----w- d:\profiles\All Users\Application Data\BVRP Software
2009-07-22 11:47 . 2009-07-22 11:47 -------- d-----w- c:\program files\Motorola
2009-07-22 11:47 . 2009-07-22 11:47 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-07-22 11:46 . 2009-07-22 11:46 -------- d-----w- d:\profiles\adm_sogeti\Application Data\InstallShield
2009-07-14 12:30 . 2008-05-17 06:54 -------- d-----w- d:\profiles\adm_sogeti\Application Data\dvdcss
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-26 68856]
"WOOKIT"="c:\program files\Wanadoo\Shell.exe" [2004-08-23 122880]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-04-16 251264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"GoBoingo"="c:\program files\Boingo\GoBoingo\GoBoingo.exe" [2007-09-18 329008]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-29 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2006-02-28 110592]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"forof"="d:\profiles\adm_sogeti\Local Settings\Application Data\Google\Toolbar History\thumbnails\forof.exe" [2009-08-15 69120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\D:^Profiles^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=d:\profiles\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Profiles^All Users^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=d:\profiles\All Users\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8085:TCP"= 8085:TCP:ddnsfilter

R?2 ddnsfilter;ddnsfilter;c:\windows\sySTEM32\SvchoSt.ExE -k ddnsfilter [28/02/2006 14:00 14336]
R1 DnsFilter;DnsFilter;c:\windows\system32\drivers\DnsFilter.sys [19/08/2009 11:32 38016]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [29/01/2007 16:28 58048]
R2 ITGrdEngine;Guard Service;d:\profiles\adm_sogeti\Local Settings\Application Data\Microsoft\Windows\services.exe [21/08/2009 21:55 209408]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC8B4D35-FC70-4A52-9655-E8784FDEEB87}]
msiexec /fu {FC8B4D35-FC70-4A52-9655-E8784FDEEB87}
.
Contents of the 'Scheduled Tasks' folder

2009-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.fr
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 20:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\EntApi.dll
c:\windows\system32\msi.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Wanadoo\Watch.exe
.
**************************************************************************
.
Completion time: 2009-08-23 20:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 18:17
ComboFix2.txt 2009-08-23 17:40

Pre-Run: 10 700 378 112 bytes free
Post-Run: 10 640 527 360 octets libres
