

marineo
Members
Content count: 24
Joined: -
Last visited: -
marineo's Achievements
Member (4/12)
Community reputation: 0
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Hi! Well, it really does work much better now! Huge thanks for your help and for this forum, which is very, very useful! All the best, Marineo
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Oh yes, I forgot: I'm having problems with MSN. I can get into my inbox but I can't read my messages. I noticed that the loading bar starts flashing, like a bug, basically... I don't know whether that can give you an extra clue.
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
There you go! Thanks Thanos!
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Good evening Thanos, here is the FoxScan report:

FoxScan Version 1.1.1 by Loup blanc - Zebulon.fr
Scan started on 22/11/2010 at 18:39
Microsoft Windows XP Home Edition Service Pack 3 [version 5.1.2600]
Mozilla Firefox version: 3.6.12 (fr)
Installation folder: C:\Program Files\mozilla firefox
=================================================================================
---------- User account: Marine [current session]
=================================================================================
Profile: default
Profile folder: C:\Documents and Settings\Marine\Application Data\mozilla\firefox\Profiles\jiqq2sbn.default\
Start pages prefs.js: "http://fr.msn.com/"
//////////// Configuration \\\\\\\\\\\\\
======= Profile: default =======
Firefox updates: Enabled
Add-on updates: Enabled
Search engine updates: Enabled
Java: Enabled
Javascript: Enabled
Proxy: No proxy
//////////// Add-ons \\\\\\\\\\\\\
======= Profile: default =======
Add-on installation notification is enabled
Name: Default
Folder: C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\
State: active
Name: Java Console
Folder: C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\
State: active
Name: Adblock Plus
Folder: C:\Documents and Settings\Marine\Application Data\mozilla\firefox\Profiles\jiqq2sbn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\
State: active
Name: BabelFish
Folder: C:\Documents and Settings\Marine\Application Data\mozilla\firefox\Profiles\jiqq2sbn.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}\
State: inactive
Name: Adblock Plus: Element Hiding Helper
Folder: C:\Documents and Settings\Marine\Application Data\mozilla\firefox\Profiles\jiqq2sbn.default\extensions\elemhidehelper@adblockplus.org\
State: active
Name: cacaoweb
Folder: C:\Documents and Settings\Marine\Application Data\mozilla\firefox\Profiles\jiqq2sbn.default\extensions\cacaoweb@cacaoweb.org\
State: active
Name: Firebug
Folder: C:\Documents and Settings\Marine\Application Data\mozilla\firefox\Profiles\jiqq2sbn.default\extensions\firebug@software.joehewitt.com\
State: active
Name: Web Developer
Folder: C:\Documents and Settings\Marine\Application Data\mozilla\firefox\Profiles\jiqq2sbn.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}\
State: inactive
Name: Microsoft .NET Framework Assistant
Folder: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
State: inactive
Name: RealPlayer Browser Record Plugin
Folder: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext\
State: active
Name: Java Quick Starter
Folder: C:\Program Files\Java\jre6\lib\deploy\jqs\ff\
State: active
//////////// Search plugins \\\\\\\\\\\\\
======= Profile: default =======
Search in "prefs.js":
browser.search.defaultenginename:
browser.search.defaulturl:
browser.search.selectedEngine:
keyword.URL:
keyword.enable:
--------- Search engines found ------------
+ Search form configured for the engine
C:\Documents and Settings\Marine\Application Data\mozilla\firefox\Profiles\jiqq2sbn.default\searchplugins\LiveSearch.xml
Template: Bing
=================================================================================
---------- Common section
=================================================================================
//////////// DLLs present in C:\Program Files\mozilla firefox\components \\\\\\\\\\\\\
browserdirprovider.dll
brwsrcmp.dll
------------------------------------------------------
//////////// Search plugins \\\\\\\\\\\\\
--------- Search engines found ------------
+ Search form configured for the engine
C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
Template: Amazon.fr: : Bienvenue
C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
Template: {SEARCHTERMS} : Définition de {SEARCHTERMS}
C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
Template: Toutes les catégories
C:\Program Files\mozilla firefox\searchplugins\google.xml
Template: Google
C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
Template: http://fr.wikipedia.org/wiki/Special:Recherche
C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
Template: Yahoo! Search - Recherche Web
------------------------------------------------------
//////////// Plugins configured in the Registry \\\\\\\\\\\\\
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10.1 Plugin"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/ShockwavePlayer]
"Description"="Adobe Shockwave Player"
"Vendor"="Adobe Systems Inc"
"Path"="C:\WINDOWS\system32\Adobe\Director\np32dsw.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=]
"Description"="Module iTunes Detector"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=1.0]
"Vendor"="Apple Inc."
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Player Plugin,version=1.0.0]
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@glowria.fr/FireVMGate]
"Description"="Glowria Firefox Gateway for Video Manager"
"Path"="C:\Program Files\Fichiers communs\Glowria\npFireVMGate.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@java.com/JavaPlugin]
"Description"="Oracle® Next Generation Java™ Plug-In"
"Vendor"="Oracle Corp."
"Path"="C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"="Ag Player Plugin"
"Vendor"="Microsoft"
"Path"="c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"="WLPG Install MIME type"
"Vendor"="Microsoft"
"Path"="C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5]
"Description"="Windows Presentation Foundation plug-in for Mozilla browsers"
"Vendor"="Microsoft Corp."
"Path"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@pack.google.com/Google Updater;version=13]
"Description"="Google Updater"
"Vendor"="Google Inc."
"Path"="C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=6.0.12.450]
"Description"="RealPlayer LiveConnect-Enabled Plug-In"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprjplug;version=1.0.3.448]
"Description"="RealJukebox Netscape Plugin"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"="6.0.12.448"
"Vendor"="RealNetworks"
"Path"="C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=]
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@tools.google.com/Google Update;version=8]
"Description"="Google Update"
"Vendor"="Google"
"Path"="C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll"
[HKEY_LOCAL_MACHINE\software\mozillaplugins\@zylom.com/ZylomGamesPlayer]
"Description"="Zylom Games Player 1.00"
"Vendor"="zylom"
"Path"="C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll"
[HKEY_CURRENT_USER\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe Flash Player 9.0"
"Vendor"="Adobe Systems Inc."
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"
------------------------------------------------------
//////////// Additional searches... \\\\\\\\\\\\\
==== Additional extensions ====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext"
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.12\extensions]
=========================== End of report ===========================
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Despite the error message, I ran the scan with RootRepeal anyway:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/11/18 00:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: awtdypog.sys
Image Path: C:\DOCUME~1\MARINE~1\LOCALS~1\Temp\awtdypog.sys
Address: 0xA91F5000
Size: 94848
File Visible: No
Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA5C6000
Size: 98304
File Visible: No
Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF89DC000
Size: 8192
File Visible: No
Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA92C8000
Size: 49152
File Visible: No
Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8abd026

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8abd01c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8abd02b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8abd035

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8abd03a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8abd008

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf8abd00d

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8abd044

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8abd03f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8abd030

==EOF==
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Here I am again! So, for the JavaRa report: it didn't produce a report after reinstalling the latest version, so I'm giving you the one it produced when removing the old files:

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Nov 17 13:14:22 2010
Found and removed: C:\Program Files\Java\jre1.5.0_02
Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: C:\Documents and Settings\Marine\Application Data\Sun\Java\jre1.6.0_11
Found and removed: C:\Documents and Settings\Marine\Application Data\Sun\Java\jre1.6.0_13
Found and removed: C:\Documents and Settings\Marine\Application Data\Sun\Java\jre1.6.0_15
Found and removed: C:\Documents and Settings\Marine\Application Data\Sun\Java\jre1.6.0_17
Found and removed: C:\Documents and Settings\Marine\Application Data\Sun\Java\jre1.6.0_19
Found and removed: C:\Documents and Settings\Marine\Application Data\Sun\Java\jre1.6.0_20
Found and removed: Software\JavaSoft\Java2D\1.5.0_02
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002
Found and removed: SOFTWARE\Classes\JavaPlugin.150_02
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
Found and removed: SOFTWARE\Classes\JavaPlugin.160_07
Found and removed: SOFTWARE\Classes\JavaPlugin.160_21
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_11
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_21
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_21
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\Classes\JavaPlugin.160_07
Found and removed: Software\Classes\JavaPlugin.160_11
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_21
Found and removed: Software\JavaSoft\Java2D\1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_07
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: Software\Classes\JavaPlugin.160_21
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Nov 17 13:15:36 2010
------------------------------------
Finished reporting.

And then the GMER scan (but whereas there were lots of lines in the first scan before it crashed, in this one there are only a few lines):

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-17 23:26:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 TOSHIBA_MK6025GAS rev.KA201A
Running: wjw9rbtg.exe; Driver: C:\DOCUME~1\MARINE~1\LOCALS~1\Temp\awtdypog.sys

---- System - GMER 1.0.15 ----

SSDT F8ABD026 ZwCreateKey
SSDT F8ABD01C ZwCreateThread
SSDT F8ABD02B ZwDeleteKey
SSDT F8ABD035 ZwDeleteValueKey
SSDT F8ABD03A ZwLoadKey
SSDT F8ABD008 ZwOpenProcess
SSDT F8ABD00D ZwOpenThread
SSDT F8ABD044 ZwReplaceKey
SSDT F8ABD03F ZwRestoreKey
SSDT F8ABD030 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7557F80]

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I tried to run RootRepeal but it shows me an error message: "DeviceIo control error! Error code=0xc000009a". Thanks again for your patience...
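The RootRepeal and GMER scans posted above report the same ten SSDT hooks, and the Temp-directory driver that RootRepeal lists has the same name as the driver GMER reports as its own in its "Running: ...; Driver: ..." line. The script below is an added example for readers of this thread; it is not part of the original posts and not code from either tool. It parses constructed sample input (the two excerpts with their line breaks restored), maps GMER's Zw* names onto RootRepeal's Nt* names so the two lists can be matched, checks that both tools agree on every hook target, measures how tightly the hook targets cluster, and checks whether any target falls inside the image range of a driver RootRepeal listed. The triage labels for scanner drivers and dump_* drivers are this script's own assumptions, not anything either tool prints.

```python
import re

# Sample input, constructed from the RootRepeal and GMER excerpts posted in this
# thread (line breaks restored; only the sections this script reads are kept).
ROOTREPEAL_LOG = r"""
Name: awtdypog.sys
Image Path: C:\DOCUME~1\MARINE~1\LOCALS~1\Temp\awtdypog.sys
Address: 0xA91F5000
Size: 94848
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA5C6000
Size: 98304
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA92C8000
Size: 49152
#: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0xf8abd026
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xf8abd01c
#: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0xf8abd02b
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0xf8abd035
#: 098 Function Name: NtLoadKey Status: Hooked by "<unknown>" at address 0xf8abd03a
#: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xf8abd008
#: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xf8abd00d
#: 193 Function Name: NtReplaceKey Status: Hooked by "<unknown>" at address 0xf8abd044
#: 204 Function Name: NtRestoreKey Status: Hooked by "<unknown>" at address 0xf8abd03f
#: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0xf8abd030
"""
GMER_LOG = r"""
Running: wjw9rbtg.exe; Driver: C:\DOCUME~1\MARINE~1\LOCALS~1\Temp\awtdypog.sys
SSDT F8ABD026 ZwCreateKey
SSDT F8ABD01C ZwCreateThread
SSDT F8ABD02B ZwDeleteKey
SSDT F8ABD035 ZwDeleteValueKey
SSDT F8ABD03A ZwLoadKey
SSDT F8ABD008 ZwOpenProcess
SSDT F8ABD00D ZwOpenThread
SSDT F8ABD044 ZwReplaceKey
SSDT F8ABD03F ZwRestoreKey
SSDT F8ABD030 ZwSetValueKey
"""
HEX = r"[0-9A-Fa-f]+"
DRIVER_RE = re.compile(r"^Name: (?P<name>\S+)\nImage Path: .+\nAddress: 0x(?P<addr>%s)\nSize: (?P<size>\d+)" % HEX, re.M)
RR_HOOK_RE = re.compile(r'^#: \d+ Function Name: (?P<func>\w+) Status: Hooked by "[^"]*" at address 0x(?P<addr>%s)' % HEX, re.M)
GMER_HOOK_RE = re.compile(r"^SSDT (?P<addr>%s) (?P<func>\w+)" % HEX, re.M)
GMER_SELF_RE = re.compile(r"^Running: \S+; Driver: (?P<drv>.+)$", re.M)

def nt_name(func):
    # RootRepeal prints Nt* names, GMER the Zw* aliases of the same SSDT slots
    return "Nt" + func[2:] if func.startswith("Zw") else func

def parse_rootrepeal(text):
    drivers = [(m["name"], int(m["addr"], 16), int(m["size"])) for m in DRIVER_RE.finditer(text)]
    hooks = {m["func"]: int(m["addr"], 16) for m in RR_HOOK_RE.finditer(text)}
    return drivers, hooks

def parse_gmer(text):
    # GMER's "Running: ...; Driver: ..." line names its own randomly named helper driver
    own = GMER_SELF_RE.search(text)
    own = own["drv"].rsplit("\\", 1)[-1].lower() if own else None
    hooks = {nt_name(m["func"]): int(m["addr"], 16) for m in GMER_HOOK_RE.finditer(text)}
    return own, hooks

def classify_driver(name, gmer_own):
    # Triage labels are this script's assumptions, not anything either tool prints
    n = name.lower()
    if n == gmer_own:
        return "scanner's own driver (GMER)"
    if n == "rootrepeal.sys":
        return "scanner's own driver (RootRepeal)"
    if n.startswith("dump_"):
        return "crash-dump copy of a storage driver (expected)"
    return "review"

def owner_of(addr, drivers):
    # Name of the listed driver whose image range contains addr, else None
    for name, base, size in drivers:
        if base <= addr < base + size:
            return name
    return None

def analyze(rr_text, gmer_text):
    drivers, rr_hooks = parse_rootrepeal(rr_text)
    own, gmer_hooks = parse_gmer(gmer_text)
    funcs = sorted(set(rr_hooks) | set(gmer_hooks))
    addrs = sorted(rr_hooks.values())
    lo, hi = (addrs[0], addrs[-1]) if addrs else (None, None)
    return {
        "drivers": {name: classify_driver(name, own) for name, _, _ in drivers},
        "hook_count": len(funcs),
        # functions where the two tools disagree on presence or on the target address
        "disagreements": [f for f in funcs if rr_hooks.get(f) != gmer_hooks.get(f)],
        "hook_lo": lo, "hook_hi": hi, "hook_span": (hi - lo) if addrs else None,
        "hook_owners": {f: owner_of(a, drivers) for f, a in rr_hooks.items()},
    }

if __name__ == "__main__":
    for key, value in analyze(ROOTREPEAL_LOG, GMER_LOG).items():
        print(f"{key}: {value}")
```

On this input the two tools agree on all ten hooks, every target lies inside a 60-byte window (one dispatch stub, so almost certainly one module), and none of the targets falls inside a listed driver's image range, so the Temp driver is the scanner's helper, not the owner of the hooks. Naming the owning module would need a complete loaded-module list with base addresses, which neither excerpt includes.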
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Impossible to save the scan! It completely crashed! I had to shut down manually! At the end of the scan there were lots of messages saying that writing had failed... insufficient system resources... I'll try again before throwing it out of the window.
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Hello! So I did the procedure, selecting "No proxy" in Firefox, same problem. Pages still take forever to display... argh, it's driving me mad! Should I try running JavaRa again, selecting the second update route instead of jucheck.exe?
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
So in the meantime I reinstalled IE 8 and did your procedure, but page loading was actually worse. I really don't understand where this can be coming from.
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Oh dear... do I do the procedure in Firefox or in IE? Because I can't find IE among my programs (maybe I'm being a bit dim...)
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Good evening Thanos! I spoke too soon... the loading problems have improved, but there are still pages that don't load completely, or only after 4 reloads... I wanted to do the procedure you indicated, but a message appears saying "Java Update cannot continue with your system's current connection settings. Check in the Windows Control Panel that the proxy settings and information under Internet Options > Connections are correct." What does that mean?
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Actually, that's already what I did: seeing that the cleanup hadn't brought any change on that front, I reset Firefox to its default settings and there's a clear improvement! Hallelujah! I also disabled some Java add-ons and that seems to be having an effect. There are still a few bugs, but nothing compared to the situation before. In any case, a thousand thanks for your precious help! I'm sure this little cleanup will have done my machine some good! Thank goodness forums like Zebulon exist!
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Hello Thanos, unfortunately it's still the same thing: pages are permanently loading, I need to refresh pages several times... I'm tearing my hair out. In any case, thanks for your help! What should I do? Move to another section?
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Oops... here is the 2nd report (deleted)
[RESOLVED] Very slow web page loading and Virtumonde detection
marineo replied to a topic by marineo in Malware analysis and removal
Here is the ad-remover report: http://www.cijoint.fr/cjlink.php?file=cj201011/cijPHQrYCR.txt