

malitou84
Spyware XP Guardian
malitou84 replied to a topic by lecuisto in Malware analysis and removal
Hi, I just removed it with ComboFix; a tutorial is available at www.bleepingcomputer.com/combofix/fr. Good luck!!!
Hello! I got a virus, Vista Guardian, which installed itself on my computer. After trying to remove this virus with Malwarebytes, which found nothing, I downloaded ComboFix and followed the instructions given on a website. The instructions ask me to check in the report that everything is gone, but since I know nothiiiing about it and don't want to do anything stupid, could someone tell me whether everything is gone and at the same time answer my question: how do I avoid catching these things (it's the second time for me...)?? Thanks in advance for the time taken to answer me! Here is the ComboFix report file:

ComboFix 10-03-12.04 - mali 13/03/2010 13:41:07.1.2 - x86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6002.2.1252.33.1036.18.3326.2170 [GMT 1:00]
Running from: c:\users\mali\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\users\Administrateur\AppData\Roaming\Desktopicon
c:\users\Administrateur\AppData\Roaming\Desktopicon\config.ini
c:\users\mali\AppData\Local\av.exe
c:\users\mali\AppData\Local\MSASCui.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
.
((((((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 ))))))))))))))))))))))))))))))))))))
.
2010-03-13 12:48 . 2010-03-13 12:50 -------- d-----w- c:\users\mali\AppData\Local\temp
2010-03-13 12:28 . 2010-03-13 12:28 0 ----a-w- c:\windows\nsreg.dat
2010-03-13 12:28 . 2010-03-13 12:28 -------- d-----w- c:\users\mali\AppData\Local\Mozilla
2010-03-13 12:23 . 2010-03-13 12:23 -------- d-----w- c:\users\mali\AppData\Roaming\Malwarebytes
2010-03-13 12:23 . 2010-03-13 12:23 125120 ----a-w- c:\users\mali\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 19:37 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 19:37 . 2010-03-12 19:37 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-03-12 19:37 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 19:11 . 2010-03-12 19:11 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-03-12 18:45 . 2010-03-12 18:45 2 --shatr- c:\windows\winstart.bat
2010-03-12 18:45 . 2010-03-12 18:45 -------- d-----w- c:\program files\Greatis
2010-03-12 16:31 . 2010-03-12 16:31 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-12 16:31 . 2010-03-12 16:31 -------- d-----w- c:\users\Invité
2010-03-12 16:14 . 2010-03-12 16:14 -------- d-----w- c:\program files\Yahoo!
2010-03-12 16:14 . 2010-03-12 16:14 -------- d-----w- c:\program files\CCleaner
2010-03-12 15:29 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 15:29 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 15:29 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 15:26 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-12 15:26 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-12 15:26 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-12 15:25 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-12 15:25 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-12 15:25 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-12 15:25 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-12 15:25 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-12 15:25 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-12 15:25 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-12 15:25 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-12 15:25 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-12 15:25 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-12 15:25 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-12 15:25 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-12 11:50 . 2010-03-12 11:50 -------- d-----w- c:\users\Administrateur\Tracing
2010-03-08 18:50 . 2010-03-08 18:52 -------- d-----w- c:\program files\Risk
2010-02-25 13:59 . 2010-03-05 18:43 -------- d-----w- c:\program files\Nvu
2010-02-25 13:56 . 2010-02-25 13:56 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Nvu
2010-02-23 16:57 . 2010-02-23 17:04 -------- d-----w- c:\program files\AutoCAD 2010
2010-02-23 16:56 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-02-23 16:56 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-02-23 16:56 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 12:46 . 2006-11-02 16:03 669328 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-13 12:46 . 2006-11-02 16:03 123350 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-12 19:08 . 2010-01-08 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 15:48 . 2009-06-07 11:36 125120 ----a-w- c:\users\Administrateur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 15:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-12 15:32 . 2008-12-10 19:27 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 15:57 . 2008-12-30 21:26 -------- d-----w- c:\program files\Everest Poker
2010-03-02 14:53 . 2008-12-10 19:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 08:16 . 2010-01-19 19:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 17:04 . 2009-02-02 12:08 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-02-23 16:57 . 2009-02-02 12:08 -------- d-----w- c:\programdata\Autodesk
2010-02-05 17:22 . 2009-01-26 19:49 -------- d-----w- c:\program files\Google
2010-01-28 06:34 . 2009-05-09 19:59 -------- d-----w- c:\program files\Free Music Zilla
2010-01-28 05:53 . 2010-01-28 05:53 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-28 05:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-28 05:48 . 2010-01-28 05:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-01-28 05:47 . 2010-01-28 05:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-26 12:46 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-01-24 08:22 . 2008-12-10 19:29 -------- d-----w- c:\program files\Microsoft Works
2010-01-19 18:14 . 2009-06-08 11:00 -------- d-----w- c:\program files\Navilog1
2010-01-19 18:12 . 2008-12-30 21:16 -------- d-----w- c:\program files\Player Metaboli
2010-01-19 18:01 . 2009-10-07 15:01 -------- d-----w- c:\programdata\Ulead Systems
2010-01-19 17:57 . 2010-01-19 17:57 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ImgBurn
2010-01-19 17:53 . 2009-10-02 20:23 -------- d-----w- c:\users\Administrateur\AppData\Roaming\vlc
2010-01-06 15:38 . 2010-03-12 15:25 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-12 15:25 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-12 15:25 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-12 15:25 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 07:23 . 2008-12-10 19:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-02 06:38 . 2010-01-24 00:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-24 00:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-24 00:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-24 00:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-27 09:37 . 2008-10-27 09:37 699488 ----a-w- c:\program files\JUN2007_d3dx10_34_x86.cab
2008-10-27 09:36 . 2008-10-27 09:36 526160 ----a-w- c:\program files\DXSETUP.exe
2007-07-26 20:02 . 2008-12-10 19:20 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 20:02 . 2008-12-10 19:20 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 20:02 . 2008-12-10 19:20 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 20:02 . 2008-12-10 19:20 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 20:02 . 2008-12-10 19:20 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-26 14:32 . 2007-08-26 14:32 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Administrateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Administrateur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
path=c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk
backup=c:\windows\pss\Notification de cadeaux MSN.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-08-16 11:24 167368 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-07-24 17:46 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-07-26 11:48 13576736 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-26 11:48 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-17 03:50 6111232 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 17:19 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):11,2a,2b,12,ac,c2,ca,01

R0 bsufhepw;bsufhepw; [x]
R0 wtadgsvw;wtadgsvw;c:\windows\System32\drivers\okuc.sys [x]
R3 {40F91BB9-339A-4EA8-B9609597E6261D0D};{40F91BB9-339A-4EA8-B9609597E6261D0D};c:\windows\System32\svchost.exe [2008-01-18 21504]
R3 {E398A8CE-4375-4DF5-8B0ABBDB799AD4BA};{E398A8CE-4375-4DF5-8B0ABBDB799AD4BA};c:\windows\System32\svchost.exe [2008-01-18 21504]
R3 Al_amnuev;Al_amnuev;c:\windows\system32\drivers\raspptp.sys [2008-01-18 62976]
R3 lredbooo;lredbooo;c:\users\ADMINI~1\AppData\Local\Temp\lredbooo.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-03-12 24416]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [x]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 133104]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-06 721904]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-15 335240]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]

--- Other Services/Drivers In Memory ---

*Deregistered* - qeifx

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{E398A8CE-4375-4DF5-8B0ABBDB799AD4BA}
{40F91BB9-339A-4EA8-B9609597E6261D0D}
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 11:10]

2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 11:10]

2010-03-13 c:\windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job
- c:\windows\system32\msfeedssync.exe [2010-01-24 04:56]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\mali\AppData\Roaming\Mozilla\Firefox\Profiles\wtsk5416.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IMBooster - c:\program files\Iminent\IMBooster\IMBooster.exe
MSConfigStartUp-43036521 - c:\programdata\43036521\43036521.exe
MSConfigStartUp-64978337 - c:\progra~2\64978337\64978337.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 13:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86AE61F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8c3c9d24
\Driver\ACPI -> acpi.sys @ 0x80741d68
\Driver\atapi -> 0x86ae61f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x03A385800
malicious code @ sector 0x03A385803 !
PE file found in sector at 0x03A385819 !

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\{40F91BB9-339A-4EA8-B9609597E6261D0D}]
"ServiceDll"="c:\users\ADMINI~1\AppData\Local\Temp\231C.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\{E398A8CE-4375-4DF5-8B0ABBDB799AD4BA}]
"ServiceDll"="c:\users\ADMINI~1\AppData\Local\Temp\231C.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\qeifx]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet020\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-03-13 13:56:00 - The machine rebooted
ComboFix-quarantined-files.txt 2010-03-13 12:55

Pre-Run: 317,474,045,952 bytes free
Post-Run: 316,942,942,208 bytes free

- - End Of File - - C88D2629D7657AB547D27A49BBF96744
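The poster asks whether "everything is gone". The report above still carries the things a removal helper would check first: drivers registered with no file on disk (`[x]`), two svchost-hosted services named with bare GUIDs whose `ServiceDll` is a `.tmp` file in a Temp folder, a driver loading from Temp, UAC switched off (`"EnableLUA"= 0`), and the Gmer MBR check warning about a possible MBR rootkit. The script below is an added example (editor's code, not part of the original post and not ComboFix's own logic) that pulls those indicators out of a ComboFix report. The sample lines are copied, trimmed, from the report in the post; the rule names and the heuristics are this example's own assumptions, not a ComboFix feature.

```python
"""Triage of a ComboFix report for the indicators a malware-removal helper
looks at before answering "is it all gone?".

Added example, not part of the original post and not ComboFix code. The
sample lines below are copied (trimmed) from the report posted above; the
rule names and the heuristics themselves are this example's own choices.
"""
import re
from typing import Dict, List

# Constructed sample: lines lifted from the posted ComboFix report.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R0 bsufhepw;bsufhepw; [x]
R0 wtadgsvw;wtadgsvw;c:\windows\System32\drivers\okuc.sys [x]
R3 {40F91BB9-339A-4EA8-B9609597E6261D0D};{40F91BB9-339A-4EA8-B9609597E6261D0D};c:\windows\System32\svchost.exe [2008-01-18 21504]
R3 lredbooo;lredbooo;c:\users\ADMINI~1\AppData\Local\Temp\lredbooo.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 38224]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
malicious code @ sector 0x03A385803 !
[HKEY_LOCAL_MACHINE\system\ControlSet020\Services\{40F91BB9-339A-4EA8-B9609597E6261D0D}]
"ServiceDll"="c:\users\ADMINI~1\AppData\Local\Temp\231C.tmp"
"""

# ComboFix service line: "<start> <name>;<display>;<image path> [<date size> | x]".
# "[x]" means the registered image file was not found on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
# GUID-shaped service names. The hyphen between the 4th and 5th groups is
# optional because the names in the posted report are written without it.
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-?[0-9A-Fa-f]{12}\}$"
)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>.+)"$')
UAC_OFF_RE = re.compile(r'^"EnableLUA"\s*=\s*0\b')


def parse_services(text: str) -> List[Dict[str, str]]:
    """Return the R?/S? driver and service entries of a report as dicts."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(text: str) -> List[Dict[str, str]]:
    """Apply the heuristics and return one finding per hit (rule, evidence)."""
    findings = []
    for svc in parse_services(text):
        if svc["info"].strip() == "x":
            # Registered driver whose file is gone: leftover of a removal, or a
            # driver that hides its own file. Either way it needs a look.
            findings.append({"rule": "service-image-missing", "evidence": svc["name"]})
        if GUID_RE.match(svc["name"]):
            # svchost-hosted services named with a bare GUID are unusual.
            findings.append({"rule": "guid-named-service", "evidence": svc["name"]})
        if "\\temp\\" in svc["path"].lower():
            findings.append({"rule": "service-in-temp", "evidence": svc["path"]})

    for line in text.splitlines():
        s = line.strip()
        m = SERVICEDLL_RE.match(s)
        if m and ("\\temp\\" in m["dll"].lower() or m["dll"].lower().endswith(".tmp")):
            # A service DLL living in a Temp folder (here even a .tmp file).
            findings.append({"rule": "servicedll-in-temp", "evidence": m["dll"]})
        if UAC_OFF_RE.match(s):
            findings.append({"rule": "uac-disabled", "evidence": s})
        if "possible MBR rootkit infection" in s or "malicious code @ sector" in s:
            # Gmer's MBR check run by ComboFix flagged the boot sector.
            findings.append({"rule": "mbr-rootkit", "evidence": s})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule; an empty dict means nothing was flagged."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:<22} {f['evidence']}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the script flags nine items in six categories; a report that is really clean would produce an empty summary. The `guid-named-service` and `servicedll-in-temp` hits point at the same two services, and the `mbr-rootkit` hits are the part no user-mode cleaner fixes: a boot-sector infection has to be dealt with separately from the deleted files.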