

Sonic_
ComboFix 09-02-24.02 - Sinead 2009-02-25 18:40:28.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1256.213.1036.18.511.293 [GMT 1:00] Running from: c:\documents and settings\Sinead\Bureau\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\aifmfuiw.ini c:\windows\system32\bhlcjbii.ini c:\windows\system32\cuuqbhhk.ini c:\windows\system32\fjtfiolf.ini c:\windows\system32\jmuhewvf.ini c:\windows\system32\mqjxhntw.ini c:\windows\system32\nmxcnquh.ini c:\windows\system32\ovqxdwrh.ini c:\windows\system32\vbehophw.ini c:\windows\system32\vsahlynr.ini c:\windows\system32\wlletbcb.ini . ((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 ))))))))))))))))))))))))))))))) . 2009-02-24 16:46 . 2009-02-24 16:46 69,120 --a------ c:\windows\system32\whpohebv.VIR000 2009-02-23 16:42 . 2009-02-23 16:42 236,544 --a------ c:\windows\system32\byXPhIbA.VIR000 2009-02-22 01:48 . 2009-02-22 01:48 68,608 --a------ c:\windows\system32\huqncxmn.VIR 2009-02-22 01:47 . 2009-02-22 01:47 237,056 --a------ c:\windows\system32\vtUmJBSk.VIR000 2009-02-20 01:06 . 2009-02-20 01:06 68,608 --a------ c:\windows\system32\iibjclhb.VIR000 2009-02-20 01:04 . 2009-02-20 01:05 236,544 --a------ c:\windows\system32\cbXNDSll.VIR 2009-02-18 02:51 . 2009-02-18 03:06 <REP> d-------- c:\windows\BDOSCAN8 2009-02-17 03:56 . 2009-02-17 03:56 236,544 --a------ c:\windows\system32\tuvVOEXp.VIR000 2009-02-12 11:55 . 2009-02-12 11:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-02-12 11:00 . 2009-02-12 11:00 <REP> d-------- c:\documents and settings\LocalService\Menu Démarrer 2009-02-12 10:56 . 2009-02-12 10:56 86,792 --a------ c:\windows\system32\drivers\bdfndisf.sys 2009-02-12 10:31 . 
2009-02-12 11:27 <REP> d-------- c:\program files\BitDefender 2009-02-12 00:32 . 2009-02-24 21:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Google Updater 2009-02-11 22:02 . 2009-02-11 22:02 <REP> d-------- c:\documents and settings\Sinead\Application Data\PCToolsFirewallPlus 2009-02-11 22:01 . 2009-02-11 22:01 <REP> d-------- c:\documents and settings\Sinead\Application Data\PCToolsSpamMonitorPlus 2009-02-11 19:56 . 2009-02-12 10:26 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-02-11 19:55 . 2009-02-13 16:37 <REP> d-------- c:\program files\PC Tools Internet Security 2009-02-11 19:55 . 2009-02-12 10:27 <REP> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2009-02-11 19:23 . 2009-02-11 19:23 159,578 --a------ c:\windows\Marsu-Fix 2.5 Uninstaller.exe 2009-02-11 13:57 . 2009-02-11 13:57 <REP> d-------- c:\program files\RAR Password Cracker 2009-02-11 13:47 . 2009-02-11 13:47 <REP> d-------- c:\program files\Rar Repair Tool 2009-02-11 13:26 . 2009-02-11 13:26 <REP> d-------- c:\program files\PicoZipRT 2009-02-10 18:43 . 2009-02-10 18:43 <REP> d-------- c:\program files\LizardTech 2009-02-10 16:00 . 2009-02-24 22:00 <REP> d-------- c:\program files\PDF Password Cracker Pro v3.0 2009-02-10 15:58 . 2009-02-10 15:58 <REP> d-------- C:\Archivos de programa 2009-02-10 15:52 . 2009-02-11 13:29 480 --a------ c:\windows\crackpdf.INI 2009-02-10 15:51 . 2009-02-10 15:52 <REP> d-------- c:\program files\PDF Password Cracker v3.0 2009-02-10 00:03 . 2009-02-10 00:03 <REP> d-------- c:\program files\ESET 2009-02-09 20:36 . 2009-02-09 20:36 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-09 20:36 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-09 20:36 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-09 19:55 . 2009-02-09 20:32 <REP> d-------- c:\program files\FindyKill 2009-02-09 19:37 . 
2009-02-09 19:37 <REP> d-------- c:\windows\35C03C043F1F42C2A989A757EE691F65.TMP 2009-02-09 19:07 . 2009-02-10 00:10 <REP> d-------- c:\program files\ElcomSoft 2009-02-09 17:28 . 2009-02-09 17:28 4,608 --a------ c:\windows\system32\redcuhpn.dll 2009-02-09 10:17 . 2009-02-09 17:27 <REP> d-------- c:\program files\IsoBourse 2009-02-08 17:58 . 2009-02-08 18:03 <REP> d-------- c:\program files\eToro 2009-02-07 23:59 . 2009-02-07 23:59 <REP> d-------- C:\OpenSSL 2009-02-07 23:59 . 2009-02-07 23:59 155,648 --a------ c:\windows\system32\libssl32.dll 2009-02-07 20:09 . 2009-02-10 00:06 <REP> d-------- c:\program files\Download Direct 2009-02-05 19:26 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll 2009-02-05 19:26 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll 2009-02-05 19:26 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll 2009-02-05 19:26 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll 2009-02-05 19:26 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll 2009-02-05 19:26 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll 2009-02-05 19:26 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll 2009-02-05 19:26 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll 2009-02-02 00:38 . 2009-02-02 00:38 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared 2009-02-02 00:37 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2009-02-02 00:37 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2009-01-27 19:18 . 2009-01-27 19:18 59 --a------ c:\windows\system32\E_S15.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-25 17:04 --------- d-----w c:\program files\eMule 2009-02-24 18:17 --------- d-----w c:\documents and settings\Sinead\Application Data\Skype 2009-02-24 16:23 --------- d-----w c:\documents and settings\Sinead\Application Data\skypePM 2009-02-18 11:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-16 20:06 --------- d-----w c:\program files\MessengerDiscovery 2009-02-15 17:57 --------- d-----w c:\program files\Google 2009-02-10 17:43 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-10 15:26 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-02-09 22:59 --------- d-----w c:\program files\VS Revo Group 2009-02-06 10:20 --------- d-----w c:\program files\Yahoo! 2009-02-05 10:15 --------- d-----w c:\program files\Mp3 My Mp3 2.0 2009-01-30 12:32 --------- d-----w c:\program files\MediaMonkey 2009-01-23 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2009-01-22 17:54 --------- d-----w c:\documents and settings\Sinead\Application Data\TotalRecorder 2009-01-22 17:47 --------- d-----w c:\program files\HighCriteria 2009-01-22 16:06 --------- d-----w c:\documents and settings\Sinead\Application Data\Todae 2009-01-22 16:05 --------- d-----w c:\program files\The Rosetta Stone 2009-01-22 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-01-22 15:39 --------- d-----w c:\program files\Apple Software Update 2009-01-22 15:26 --------- d-----w c:\program files\NOS 2009-01-22 15:26 --------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-01-20 23:57 --------- d-----w c:\program files\Ela-Salaty 2009-01-20 23:08 --------- d-----w c:\program files\Total Video Converter 2009-01-16 16:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-16 16:55 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-01-15 09:43 --------- 
d-----w c:\program files\Sierra On-Line 2009-01-15 08:35 --------- d-----w c:\program files\TLC-Edusoft 2009-01-13 10:22 --------- d-----w c:\program files\TuneUp Utilities 2008 2009-01-13 10:22 --------- d-----w c:\documents and settings\Sinead\Application Data\Malwarebytes 2009-01-13 10:22 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-10 11:26 --------- d-----w c:\documents and settings\All Users\Application Data\ESET 2009-01-10 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2009-01-01 00:25 --------- d-----w c:\program files\QuickTime 2009-01-01 00:23 --------- d-----w c:\program files\Fichiers communs\Apple 2009-01-01 00:23 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-31 21:17 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-31 21:16 --------- d-----w c:\program files\Java 2008-12-27 08:34 --------- d-----w c:\documents and settings\Sinead\Application Data\Ahead 2004-08-04 04:54 65,024 --sha-w c:\windows\system32\asycfilt.dll 2006-08-25 15:51 617,472 --sha-w c:\windows\system32\comctl32.dll 2004-08-04 04:54 1,028,096 --sha-w c:\windows\system32\mfc42.dll 2002-09-07 00:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll 2004-08-04 04:54 413,696 --sha-w c:\windows\system32\msvcp60.dll 2004-08-04 04:54 343,040 --sha-w c:\windows\system32\msvcrt.dll 2002-09-07 00:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll 2007-12-04 18:41 550,912 --sha-w c:\windows\system32\oleaut32.dll 2004-08-04 04:54 83,456 --sha-w c:\windows\system32\olepro32.dll 2004-08-04 04:54 30,749 --sha-w c:\windows\system32\vbajet32.dll . ((((((((((((((((((((((((((((( SnapShot@2009-02-24_20.00.46.59 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-25 11:19:27 16,384 ----atw c:\windows\temp\Perflib_Perfdata_314.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "eMuleAutoStart"="c:\program files\eMule\eMule.exe" [2008-05-14 5423104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "BigDogPath"="c:\windows\VM_STI.EXE" [2005-02-28 53248] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-19 180269] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\Sinead\Menu D‚marrer\Programmes\D‚marrage\ Ela-Salaty.lnk - c:\program files\Ela-Salaty\Salaty.exe [2007-03-05 5353984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=acaptuser32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"= DrvTrNTm.dll "wave"= DrvTrNTm.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk] 
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2008-08-21 16:45 888832 c:\program files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 05:54 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3200] --a------ 2002-07-01 04:05 74752 c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-06-19 16:02 180269 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName "PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC "BigDogPath"=c:\windows\VM_STI.EXE Vimicro USB PC Camera LTI301P "REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\eMule.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "7571:UDP"= 7571:UDP:UDP "7561:TCP"= 7561:TCP:TCP R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328] R3 slnt;RTL8139D PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2008-06-17 18004] R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-01-22 126984] S2 gupdate1c98ca1717b0722;Google Update Service (gupdate1c98ca1717b0722);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104] S3 lredbooo;lredbooo;\??\c:\docume~1\Sinead\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Sinead\LOCALS~1\Temp\lredbooo.sys [?] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M] \Shell\AutoRun\command - M:\start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23e7e9fd-92d8-11dd-99a2-00a1b0016a92}] \Shell\AutoRun\command - L:\fppg1.exe \Shell\explore\Command - L:\fppg1.exe \Shell\open\Command - L:\fppg1.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{350b92d0-8a84-11dd-998f-000000000000}] \Shell\AutoRun\command - L:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79e2bf31-4f5e-11dd-993e-000000000000}] \shell\explore\command - ZG.PIF \shell\open\Command - ZG.PIF . Contents of the 'Scheduled Tasks' folder 2009-02-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-12 00:32] 2009-02-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 00:35] 2009-02-20 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:23] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://fr.yahoo.com/ mStart Page = hxxp://fr.yahoo.com uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab FF - ProfilePath - c:\documents and settings\Sinead\Application Data\Mozilla\Firefox\Profiles\vxtt5ju5.default\ FF - prefs.js: browser.search.selectedEngine - Wikipأ©dia (fr) FF - prefs.js: browser.startup.homepage - www.google.fr FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 
300 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-25 18:44:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1757981266-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1FBB77BF-9CBB-56D3-1519-4345B33092FA}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"=
. Completion time: 2009-02-25 18:49:02 ComboFix-quarantined-files.txt 2009-02-25 17:47:45 ComboFix2.txt 2009-02-24 19:02:31 ComboFix3.txt 2008-12-01 19:17:34 ComboFix4.txt 2008-10-07 23:42:00 ComboFix5.txt 2009-02-25 17:39:26 Pre-Run: 4 110 237 696 octets libres Post-Run: 4,103,696,384 octets libres 285 --- E O F --- 2009-02-12 02:01:01
-
Good evening, sorry for the delay, I just got home, and thanks for your reply. As for the .exe files, I already sorted that out earlier thanks to a tutorial on the net, so I'll go ahead and send the ComboFix report.
-
Good evening everyone, about a week ago my computer was infected by the Bagle virus and I could no longer launch .exe files. In short, I followed a tutorial on the net and managed to fix the problem. I was advised to switch to AntiVir, which I did, but now AntiVir sends alert messages very often (every 5 minutes at minimum), and often for the same viruses. I have Windows XP Pro Service Pack 2, and so AntiVir as antivirus, with the standard Windows firewall. What should I do? Thanks in advance.