Help with a ComboFix analysis of a trojan please

marion -
Anonymous user -
Hello,
first of all, thanks in advance for your help...
I was infected by a trojan via a friend on Facebook....
I tried to fix the problem with ComboFix, but it seems the virus is still present on the computer.
So I'm posting the ComboFix log in the hope of finding a solution, thanks.

ComboFix 09-09-04.02 - MariOn 16/02/2010 13:21.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2591 [GMT 1:00]
Running from: g:\combofix - best malware utility - {mrkrish@h33t}\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081202-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081202-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3266313554-418176820-2171519514-500
c:\$recycle.bin\S-1-5-21-3266313554-418176820-2171519514-500\desktop.ini

.
((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-16 12:25 . 2010-02-16 12:25 -------- d-----w- c:\users\MariOn\AppData\Local\temp
2010-02-16 12:25 . 2010-02-16 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-15 09:05 . 2010-02-15 09:05 32768 ----a-w- c:\windows\system32\drivers\oko6.sys
2010-02-15 09:05 . 2010-02-15 09:05 102400 ----a-w- c:\windows\system32\oko6.dll
2010-02-15 09:04 . 2010-02-15 09:04 1 ---h--w- c:\windows\bk23567.dat
2010-02-13 14:23 . 2010-02-13 14:23 -------- d-----w- c:\users\MariOn\AppData\Roaming\Facebook

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 12:04 . 2008-08-06 13:54 668580 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-16 12:04 . 2008-08-06 13:54 122972 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-16 11:54 . 2009-04-24 11:52 -------- d-----w- c:\program files\Steam
2010-02-11 12:43 . 2009-04-24 11:58 -------- d-----w- c:\program files\Common Files\Steam
2010-02-11 12:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 20:23 . 2008-08-06 04:57 -------- d-----w- c:\program files\Google
2010-02-10 16:59 . 2008-11-03 13:58 -------- d-----w- c:\program files\MioNet
2010-02-08 21:43 . 2008-11-12 19:51 -------- d-----w- c:\users\MariOn\AppData\Roaming\dvdcss
2010-02-02 23:02 . 2009-03-02 13:26 -------- d-----w- c:\users\MariOn\AppData\Roaming\uTorrent
2010-01-24 18:21 . 2009-09-16 18:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-03 17:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 17:23 . 2008-11-08 20:45 -------- d-----w- c:\program files\Java
2009-12-28 12:35 . 2010-02-10 11:48 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 11:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 11:48 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 11:48 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 11:48 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 11:48 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 11:48 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 11:48 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 11:48 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 11:48 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-18 13:05 . 2010-01-22 12:39 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 12:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 12:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 12:07 . 2010-02-10 11:48 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 11:48 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 11:48 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 11:48 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 11:48 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 16:12 . 2010-02-10 11:48 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 11:48 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-09 22:17 . 2009-12-09 22:17 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-08-06 13:46 . 2008-08-06 14:12 65536 --sha-w- c:\windows\OEM\mp\boot\bootstat.dat
2008-08-06 13:59 . 2008-08-06 13:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-25 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-01-14 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-27 6295552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\MariOn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20A4A5B2-5521-4060-B00C-1FF48E892143}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{A4CC7189-5231-4501-B1BD-0E376DE9466A}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{36D56F20-7A20-4666-B415-C71542F45F65}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1C89AE04-C203-4BEB-8CFB-D0A9CD70D1B6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{FD3522D6-D296-4E4C-9A7D-0B210891D5C5}c:\\program files\\mionet\\jvm\\bin\\mionet.exe"= UDP:c:\program files\mionet\jvm\bin\mionet.exe:Java(TM) Platform SE binary
"UDP Query User{64AF13A9-00B4-4B11-BE0A-A41348CAD459}c:\\program files\\mionet\\jvm\\bin\\mionet.exe"= TCP:c:\program files\mionet\jvm\bin\mionet.exe:Java(TM) Platform SE binary
"TCP Query User{94CBFADE-E597-478C-A8CC-238822B28D63}c:\\program files\\mionet\\jvm\\bin\\mionet.exe"= UDP:c:\program files\mionet\jvm\bin\mionet.exe:Java(TM) Platform SE binary
"UDP Query User{28F01678-9CA1-469A-BC04-B2E45F640B4B}c:\\program files\\mionet\\jvm\\bin\\mionet.exe"= TCP:c:\program files\mionet\jvm\bin\mionet.exe:Java(TM) Platform SE binary
"TCP Query User{39137DCB-1D0C-4DC2-ADEF-7C73C62DC3CB}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{19F35178-A061-4AA7-A89A-59739B735280}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{33152B33-585F-4A7B-9F37-1B46A8051714}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{469886CB-5F6C-424B-B9CB-0C6F566F1856}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6E63B864-A896-4881-B925-688D1CEA1AC1}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{47BC3D7F-C3C3-4FBD-BA3C-1EEEAE46F519}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{024AE68D-CA88-4552-B946-748ABE67E26E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{03A507AA-DE6F-42F6-B77B-E57758A3E1C8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AF687B1B-E435-4FEE-BEB6-607F2A554A2C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C5E8D8AA-7CA5-418B-AEF6-66DA0179D400}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{6895E52D-2922-4247-B26F-5F60442FD0C9}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{BD05FAE9-3489-4379-BC71-B75BBDFE0D3F}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0209548C-9DE9-4B6D-A915-151D5D014A18}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{FFEDD396-C0CE-45E8-8A1F-205623ED043F}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{18C44712-F3F9-43C7-96C1-5EF66D9C551E}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D48C93D5-A60D-481C-9F09-832E31E9F0BD}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F6E6572E-4AC2-473A-B4B7-301F7305F8A2}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{BD018911-A762-4CC3-A6C7-1382EA576091}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{34C87C9E-ED50-41B0-990C-65855206BA03}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{93E39AF7-53E4-42A1-8074-B089E0AD3379}c:\\users\\marion\\downloads\\freezer v1.4 fr\\freezer v1.4 fr\\freezer.exe"= UDP:c:\users\marion\downloads\freezer v1.4 fr\freezer v1.4 fr\freezer.exe:freezer.exe
"UDP Query User{1BA805A6-EADD-4EF0-88EE-C885EA37630D}c:\\users\\marion\\downloads\\freezer v1.4 fr\\freezer v1.4 fr\\freezer.exe"= TCP:c:\users\marion\downloads\freezer v1.4 fr\freezer v1.4 fr\freezer.exe:freezer.exe
"{B82B237C-1E09-42CD-A2A0-79C6D653183D}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{CBE35079-AA42-4768-8FFC-C99F537AC7FD}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{57FB5CA8-FF8F-4C91-9633-9CF717134AF2}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live FolderShare

R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [06/08/2008 05:40 52736]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [06/08/2008 05:36 22072]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [08/11/2008 21:35 114768]
S1 oko6;oko6;c:\windows\System32\drivers\oko6.sys [15/02/2010 10:05 32768]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [10/09/2007 23:45 124832]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [08/11/2008 21:35 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [08/11/2008 21:35 51792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/10/2009 18:09 133104]
S2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [14/01/2008 15:14 139264]
S2 okosrv;okosrv;c:\windows\sYSteM32\SvchOst.eXE -k okogrp [21/01/2008 03:23 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [06/08/2008 05:57 30192]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [06/08/2008 14:46 85136]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [06/08/2008 14:46 380416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
okogrp REG_MULTI_SZ okosrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f3546a-aa62-11dd-b711-001e688972e3}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\NoLimit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15f35475-aa62-11dd-b711-001e688972e3}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e17b3-042d-11de-911b-001e688972e3}]
\shell\AutoRun\command - G:\a1agmur.cmd
\shell\open\Command - G:\a1agmur.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dcf5aeb-c788-11dd-a478-001e688972e3}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dd375ea-aa86-11dd-a817-001e688972e3}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dba36ee4-dcbf-11dd-abd1-001e688972e3}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f753bd-34af-11de-8074-001e688972e3}]
\shell\AutoRun\command - g1ljsm.com
\shell\open\Command - g1ljsm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e81729d7-1ed6-11de-8bed-001e688972e3}]
\shell\AutoRun\command - f:\setup\rsrc\Autorun.exe
\shell\dinstall\command - f:\directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\Extension de garantie-MariOn.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-08-06 10:13]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 17:09]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-16 17:09]

2010-02-16 c:\windows\Tasks\Recovery DVD Creator-MariOn.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-08-06 10:13]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyServer = localhost:8800
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\MariOn\AppData\Roaming\Mozilla\Firefox\Profiles\y4at9j3w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\MariOn\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 13:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-16 13:28
ComboFix-quarantined-files.txt 2010-02-16 12:28

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 33 563 480 064 octets libres

223 --- E O F --- 2010-02-13 13:58

1 reply

Anonymous user
 
hello
you should not use ComboFix unless an experienced helper advises it, because if used wrongly it can delete legitimate files
you have an infection coming from removable media

Download UsbFix (by El Desaparecido, C_XX and Chimay8) to your desktop
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.txt

Plug the external data sources that may have been infected into your PC (USB key, external hard drive, etc.) without opening them

# Right-click the UsbFix shortcut on your desktop and click Run as administrator.

# Select option 1 (Search)

# Let the tool work.

# Then post the UsbFix.txt report that will appear.

# Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

# Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
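As an added example (not part of the thread, and not UsbFix's or ComboFix's own code), a small Python triage script that picks out, from a constructed nine-line excerpt of the ComboFix log posted above, the indicators behind the reply's "removable media" diagnosis: an executable or script registered as a drive's AutoRun command, a service hosted by svchost.exe under an unknown -k group, a kernel driver created inside the scan window, and a browser proxy pointing at localhost. The allowlist of svchost groups and the regular expressions are assumptions about the log layout, not something ComboFix documents.

```python
import re
from typing import List, Tuple

# Constructed excerpt of the ComboFix log posted above (nine of its lines, not the full log).
SAMPLE_LOG = r"""
2010-02-15 09:05 . 2010-02-15 09:05 32768 ----a-w- c:\windows\system32\drivers\oko6.sys
S2 okosrv;okosrv;c:\windows\sYSteM32\SvchOst.eXE -k okogrp [21/01/2008 03:23 21504]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\NoLimit.exe
\shell\AutoRun\command - G:\a1agmur.cmd
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
\shell\AutoRun\command - f:\setup\rsrc\Autorun.exe
uInternet Settings,ProxyServer = localhost:8800
"""

# Assumed allowlist of svchost -k groups that ship with Vista; illustrative, not exhaustive.
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "networkservice", "localsystemnetworkrestricted", "rpcss",
    "localservicenonetwork", "localservicenetworkrestricted", "localserviceandnoimpersonation",
    "dcomlaunch", "secsvcs", "wersvcgroup", "bthsvcs", "nlasvc", "termsvcs", "wdisystemhost"}

SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[")   # S2 name;display;path [..]
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d .*?\s(?P<path>[a-z]:\\.+)$", re.I)    # "Files Created" lines
AUTORUN_RE = re.compile(r"^\\shell\\(autorun|open)\\command\s+-\s+(?P<cmd>.+)$", re.I)  # mountpoints2
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)", re.I)


def autorun_target(cmd: str) -> str:
    """Strip the RunDLL32/ShellExec_RunDLL wrapper and return the last token actually launched."""
    if "ShellExec_RunDLL" in cmd:
        cmd = cmd.split("ShellExec_RunDLL", 1)[1]
    return cmd.strip().split()[-1]


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (category, evidence) pairs for the indicators this thread turns on."""
    findings: List[Tuple[str, str]] = []
    for line in log.splitlines():
        line = line.strip()
        if m := AUTORUN_RE.match(line):
            target = autorun_target(m["cmd"])
            # A bare drive root (F:\) is Explorer's normal "open this drive"; an executable or
            # script in the drive root, or a bare file name, is the removable-media worm pattern.
            if re.fullmatch(r"[a-z]:\\", target, re.I):
                continue
            if re.fullmatch(r"(?:[a-z]:\\)?[^\\]+\.(exe|cmd|bat|com|vbs|scr|pif)", target, re.I):
                findings.append(("autorun", target))
        elif m := SERVICE_RE.match(line):
            path = m["path"].lower()
            if "svchost.exe -k " in path:          # service hosted by svchost under a -k group
                group = path.split("-k ", 1)[1].split()[0]
                if group not in KNOWN_SVCHOST_GROUPS:
                    findings.append(("svchost-group", f"{m['name']} -> {group}"))
        elif m := CREATED_RE.match(line):
            if "\\drivers\\" in m["path"].lower() and m["path"].lower().endswith(".sys"):
                findings.append(("new-driver", m["path"]))   # kernel driver created in the scan window
        elif m := PROXY_RE.search(line):
            if m["proxy"].split(":")[0].lower() in ("localhost", "127.0.0.1"):
                findings.append(("loopback-proxy", m["proxy"]))  # browser traffic routed via a local listener
    return findings
```

Calling triage(SAMPLE_LOG) flags the oko6.sys driver, the okosrv service under the unknown okogrp group, the three root-level AutoRun targets, and the localhost:8800 proxy, while leaving the F:\ default and the f:\setup\rsrc\Autorun.exe installer entry alone.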