Infection by the "heat" virus
Tchika
jlpjlp Posts: 52399 Status: Security contributor
Hello,
I have been infected by the "heat" virus. Here is the log generated by ComboFix; what should I do?
Thanks.
ComboFix 08-03-30.2 - O.BENDJEDOU 2008-03-30 17:52:38.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.282 [GMT 2:00]
Endroit: C:\Documents and Settings\O.BENDJEDOU\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
[color=purple]The following files were disabled during the run:[/color]
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))
.
2008-03-30 17:49 . 2008-03-30 17:54 <REP> d-------- C:\TEMP\~nsu.tmp
2008-03-30 17:43 . 2008-03-30 17:43 <REP> d-------- C:\TEMP\awtmp
2008-03-30 17:43 . 2008-03-30 17:49 <REP> d-------- C:\Program Files\AntiSpyKit 5.3
2008-03-30 17:43 . 2008-03-30 17:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:39 . 2008-03-30 17:39 <REP> d-------- C:\WINDOWS\LastGood
2008-03-30 16:13 . 2008-03-30 16:13 <REP> d-------- C:\Program Files\Enigma Software Group
2008-03-30 15:51 . 2008-03-30 17:39 <REP> d-------- C:\TEMP\hsperfdata_SYSTEM
2008-03-30 15:32 . 2008-03-30 15:32 <REP> d-------- C:\Program Files\Trend Micro
2008-03-30 14:14 . 2008-03-30 16:38 <REP> d-------- C:\Program Files\NetProject
2008-03-30 11:15 . 2008-03-30 11:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-28 10:46 . 2008-03-30 11:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-19 20:06 . 2008-03-19 20:06 <REP> d-------- C:\Documents and Settings\O.BENDJEDOU\Application Data\Juniper Networks
2008-02-22 20:01 . 2008-02-22 20:01 275,733 --a------ C:\WINDOWS\system32\hfzxsqbmlp.exe
2008-02-22 09:52 . 2008-02-22 09:52 <REP> d-------- C:\Program Files\MSXML 6.0
2008-02-21 17:16 . 2008-02-21 17:16 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Workshare
2008-02-21 17:16 . 2006-10-17 08:43 2,134,016 --a------ C:\WINDOWS\system32\cdintf251.dll
2008-02-21 16:52 . 2008-02-21 16:52 606 --a------ C:\WINDOWS\system32\DWRCCMDError.ini
2008-02-16 19:36 . 2008-02-16 19:36 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks
2008-02-15 18:44 . 2008-02-15 18:44 <REP> d-------- C:\Program Files\Neoteris
2008-02-15 18:42 . 2008-02-15 18:43 <REP> d-------- C:\Program Files\Juniper Networks
2008-02-15 18:42 . 2008-02-15 18:42 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2008-02-15 18:33 . 2008-03-30 14:27 43,860 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-15 18:33 . 2008-02-15 19:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-15 18:32 . 2008-02-15 19:12 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-15 18:31 . 2008-03-30 14:27 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-13 13:34 . 2007-10-25 16:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-02-13 13:34 . 2007-10-25 16:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 12:47 --------- d-----w C:\Program Files\Yahoo!
2008-03-30 09:09 13,312 --s-a-w C:\WINDOWS\system32\baoohy.dll
2008-03-28 19:07 1,113,600 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-27 07:30 --------- d-----w C:\Program Files\Java
2008-03-21 12:21 738,304 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-16 19:42 1,606,819 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-14 16:52 314,368 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-12 18:42 429,568 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-12 18:42 2,331,648 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-10 18:34 503,296 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-10 18:34 2,281,984 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-03-07 16:10 488,448 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-04 17:44 198,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-03 18:28 197,632 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-29 17:56 383,488 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-27 17:56 825,344 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-22 16:27 1,499,648 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-21 15:20 --------- d-----w C:\Documents and Settings\O.BENDJEDOU\Application Data\Workshare
2008-02-21 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Workshare
2008-02-21 15:12 --------- d-----w C:\Program Files\Workshare
2008-02-21 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-15 16:32 --------- d-----w C:\Program Files\CheckPoint
2008-02-06 17:47 --------- d-----w C:\Documents and Settings\O.BENDJEDOU\Application Data\FileOpen
2008-01-31 12:24 --------- d-----w C:\Program Files\MSECache
2008-01-31 12:12 --------- d-----w C:\Program Files\Microsoft Works
2008-01-28 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 14:59 --------- d-----w C:\Documents and Settings\O.BENDJEDOU\Application Data\Yahoo!
2008-01-28 13:37 --------- d-----w C:\Program Files\Google
2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 12:00 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-30_15.49.21,61 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-05-17 09:23:38 579,888 ----a-w C:\WINDOWS\LastGood\system32\LegitCheckControl.DLL
- 2006-05-17 09:23:38 579,888 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2004-12-07 07:11:00 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2006-09-11 08:56:00 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
+ 2006-12-21 12:18:00 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
2008-03-30 14:27 10240 --a------ C:\Program Files\NetProject\sbmdl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Program Files\NetProject\wamdl.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-05 14:00 160768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-07-18 20:44 4164816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"= C:\Program Files\NetProject\scit.exe
"start"= C:\Program Files\NetProject\sbmntr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{f43bfc6c-47cc-4798-8798-a0721b8ed7ab}"= C:\WINDOWS\system32\baoohy.dll [2008-03-30 11:09 13312]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-04-01 17:48 24668 C:\WINDOWS\system32\ckpNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Agent de Planification.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Agent de Planification.lnk
backup=C:\WINDOWS\pss\Agent de Planification.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^O.BENDJEDOU^Menu Démarrer^Programmes^Démarrage^Surveiller mes eRooms (V7).lnk]
path=C:\Documents and Settings\O.BENDJEDOU\Menu Démarrer\Programmes\Démarrage\Surveiller mes eRooms (V7).lnk
backup=C:\WINDOWS\pss\Surveiller mes eRooms (V7).lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirCardEnabler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 11:33 155648 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]
--a------ 2005-07-18 20:44 4164816 C:\Program Files\Microsoft Office Communicator\Communicator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator2005]
--a------ 2005-07-18 20:44 4164816 C:\Program Files\Microsoft Office Communicator\communicator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 01:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 17:41 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 17:45 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 17:44 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2007-10-25 16:06 136512 C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
--a------ 2003-10-07 10:48 147514 C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-02-08 20:43 95800 C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
--a------ 2004-09-22 09:00 98304 C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-11-16 15:35 397312 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-27 18:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwPrnMon]
-ra------ 2006-01-11 15:26 552960 C:\Program Files\Fichiers communs\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 01:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Watcher3G]
--a------ 2006-09-15 12:33 914976 C:\Program files\Sierra Wireless Inc\Watcher\Watcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatcherHelper]
--a------ 2006-09-15 12:33 95776 C:\Program files\Sierra Wireless Inc\Watcher\WaHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workshare3GW]
--a------ 2007-12-07 13:13 1896448 C:\Program Files\Workshare\Modules\WMConfigAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-03-07 20:48 784144 C:\Program Files\CheckPoint\Integrity Client\iclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program files\\Sierra Wireless Inc\\Watcher\\SwiApiMux.exe"= C:\\Program Files\\Sierra Wireless Inc\\Watcher\\SwiApiMux.exe
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1503:TCP"= 1503:TCP:NetMeeting
"6891:TCP"= 6891:TCP:MOC
R0 vmscsi;vmscsi;C:\WINDOWS\system32\DRIVERS\vmscsi.sys [2004-12-11 08:19]
R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2005-05-16 11:29]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys [2006-10-04 11:29]
R2 Neoteris Setup Service;Neoteris Setup Service;"C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe" [2005-12-03 15:37]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2004-04-01 16:48]
R2 SO2Scheduler;BUSS RapidoBackup - Service de Planification;"C:\Program Files\RapidoBackup 2\SchedulerNT.exe" [2005-09-18 21:27]
R2 TunerClient;TunerClient;C:\program files\marimba\tunerclient\Tuner.exe [2007-08-08 08:16]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2004-04-01 16:48]
R2 Workshare Client Caching Service;Workshare Client Caching Service;"C:\Program Files\Workshare\Modules\Workshare.Policy.Services.ClientCaching.exe" [2007-11-30 18:46]
R3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys [2006-07-12 16:59]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2005-12-04 00:43]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2004-04-01 16:48]
R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys [2006-02-15 11:06]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-04-01 16:48]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 16:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 16:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 16:38]
S3 vsinstdv;vsinstdv;C:\TEMP\{CF20E9E4-4933-40D2-B305-CA9EDB585CA7}\vsinstdv.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3575d0-5a51-11dc-8490-00a0d5ffff8c}]
\Shell\AutoRun\command - reper.exe
*Newly Created Service* - MCHINJDRV
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\As_proxy_11_Enable]
C:\Program Files\Proxy http 1.1 Enable\As_Http1_enable.EXE /s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Office2k7_Std_FR_Modeles2k3to2k7]
C:\Program Files\Microsoft Office\2k3to2k7.EXE /s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7A85C7C8-43FE-430E-AEAC-13B61CE70343}]
C:\WINDOWS\system32\msiexec.exe /Fus {7A85C7C8-43FE-430E-AEAC-13B61CE70343} /qb-! /l*+ C:\LOG\OfficeCommunicator_2005_User.log
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{HKCU_Java_Virtual_Machine_5_00_3802_FR}]
C:\WINDOWS\Installer\Java_Virtual_Machine_5_00_3802_U.EXE /S
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{modifDPj2re1_4_2_04}]
C:\WINDOWS\Installer\modifDPj2re1_4_2_04.EXE /S
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-12-04 09:33:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-30 14:58:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 17:54:41
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\baoohy.dll
.
Temps d'accomplissement: 2008-03-30 17:55:47
ComboFix-quarantined-files.txt 2008-03-30 15:55:29
Pre-Run: 12,513,923,072 octets libres
Post-Run: 12,507,795,456 octets libres
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 16:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 16:38]
S3 vsinstdv;vsinstdv;C:\TEMP\{CF20E9E4-4933-40D2-B305-CA9EDB585CA7}\vsinstdv.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3575d0-5a51-11dc-8490-00a0d5ffff8c}]
\Shell\AutoRun\command - reper.exe
*Newly Created Service* - MCHINJDRV
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\As_proxy_11_Enable]
C:\Program Files\Proxy http 1.1 Enable\As_Http1_enable.EXE /s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Office2k7_Std_FR_Modeles2k3to2k7]
C:\Program Files\Microsoft Office\2k3to2k7.EXE /s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7A85C7C8-43FE-430E-AEAC-13B61CE70343}]
C:\WINDOWS\system32\msiexec.exe /Fus {7A85C7C8-43FE-430E-AEAC-13B61CE70343} /qb-! /l*+ C:\LOG\OfficeCommunicator_2005_User.log
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{HKCU_Java_Virtual_Machine_5_00_3802_FR}]
C:\WINDOWS\Installer\Java_Virtual_Machine_5_00_3802_U.EXE /S
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{modifDPj2re1_4_2_04}]
C:\WINDOWS\Installer\modifDPj2re1_4_2_04.EXE /S
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-12-04 09:33:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-30 14:58:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 17:54:41
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\baoohy.dll
.
Temps d'accomplissement: 2008-03-30 17:55:47
ComboFix-quarantined-files.txt 2008-03-30 15:55:29
Pre-Run: 12,513,923,072 octets libres
Post-Run: 12,507,795,456 octets libres
1 reply
hi,
SmitfraudFix (paste the report)
1/ download:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ double-click on smitfraudfix, then select 1 and press Enter to create the report of the infections present.
3/ reboot in safe mode (usually by pressing F8, Del or F5 at startup), then do as in 2/ but select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter
_________
paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis to counter a possible Vundo infection.
e.g. rename the file HijackThis.exe to eden.exe: to do this, right-click on the HijackThis.exe file and choose rename from the list
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.
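The helper above asks for reports to be pasted so they can be read by hand. The Python script below is an added example, not part of the original thread and not code from ComboFix, SmitfraudFix or HijackThis; it shows the triage a reader applies to a ComboFix report like the one in this thread. It runs over a constructed sample made of lines reproduced in shape from the report (firewall policy keys, a service entry, the AutoRun mount point, the newly created service and the DLLs listed under running processes) and flags the entries that deserve a first look: the firewall switched off, Security Center monitoring disabled, globally open ports, a service started from a TEMP directory, an AutoRun command on a mounted volume, a service created during the run, and DLLs loaded into core processes. The severity labels and the check for TEMP paths are this example's own heuristics, not ComboFix output.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (severity, description)

# Constructed sample: lines reproduced in shape from the ComboFix report in
# this thread (registry keys, firewall policy, one service entry, the AutoRun
# mount point, the newly created service and DLLs loaded in core processes).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1503:TCP"= 1503:TCP:NetMeeting
S3 vsinstdv;vsinstdv;C:\TEMP\{CF20E9E4-4933-40D2-B305-CA9EDB585CA7}\vsinstdv.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3575d0-5a51-11dc-8490-00a0d5ffff8c}]
\Shell\AutoRun\command - reper.exe
*Newly Created Service* - MCHINJDRV
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\baoohy.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$")
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\*\s*-\s*(\S+)")
PROCESS_RE = re.compile(r"^PROCESS:\s*(.+)$")
DLL_RE = re.compile(r"^->\s*(.+)$")

WELL_KNOWN_PORTS = {3389: "RDP"}
# Heuristic of this example: a service binary under a temp directory is unusual.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\local settings\\temp")


def triage(log: str) -> List[Finding]:
    """Walk a ComboFix-style report and return the entries a reader should check first."""
    findings: List[Finding] = []
    current_key = ""       # registry key the following value lines belong to
    current_process = ""   # process the following '->' DLL lines belong to
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            current_process = ""
            continue
        m = PROCESS_RE.match(line)
        if m:
            current_process = m.group(1)
            continue
        m = DLL_RE.match(line)
        if m and current_process:
            # ComboFix lists DLLs loaded in winlogon/lsass/explorer; each one
            # needs a human look, so they are reported for review, not judged here.
            findings.append(("review", f"DLL {m.group(1)} loaded in {current_process}"))
            continue
        m = NEW_SERVICE_RE.match(line)
        if m:
            findings.append(("high", f"service created during the run: {m.group(1)}"))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key:
            findings.append(("high", f"AutoRun command on a mounted volume: {m.group(1)}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path, stamp = m.group(1), m.group(3).strip('"'), m.group(4)
            if any(t in path.lower() for t in TEMP_MARKERS) or not stamp:
                findings.append(("high", f"service {name} runs from {path} (timestamp: {stamp or 'none'})"))
            continue
        if line.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", line):
            findings.append(("high", "Windows Firewall disabled in " + current_key))
            continue
        if line.startswith('"DisableMonitoring"') and line.lower().endswith("dword:00000001"):
            findings.append(("medium", "Security Center monitoring disabled in " + current_key))
            continue
        m = PORT_RE.match(line)
        if m and "globallyopenports" in current_key:
            port, proto = int(m.group(1)), m.group(2)
            desc = f"port {port}/{proto} globally open"
            label = WELL_KNOWN_PORTS.get(port)
            if label:
                desc += f" ({label})"
            findings.append(("medium", desc))
            continue
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity label."""
    return dict(Counter(sev for sev, _ in findings))


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {msg}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run on the sample, the script reports four high, three medium and two review entries; on the real report the same lines are the ones a helper would ask about before anything is deleted, since a disabled firewall, a globally open 3389/TCP and an AutoRun command on a mounted volume each need to be reverted after the cleanup, not only the files removed.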