Need help with a recurring virus problem
silverhack posted a topic in Malware analysis and removal
Hello everyone, I'm new to this forum, where I've read a few quite interesting discussions, so I decided to lay out my virus problem, which is quite complicated because of how deeply it is embedded! Basically, for me, after having rebuilt my PC several times (formatting, rewriting the partition table, flashing the BIOS) and trying makeshift fixes as well as several programs, I concluded that it lodges in the MBR and infects all the internal components. The symptoms are random freezes and degraded bandwidth. So, in my quest to restore my PC, which has already been going on for nearly 3 years, during which I've learned a lot about computers (but apparently not enough), I've come to ask the experts on this site to help me solve this problem, first of all if someone already knows this one, and also for an expert eye to read my ComboFix log, which could tell me what steps to take next! There, I hope I've explained the situation well and that someone can really come to my rescue and get me out of this mess that has gone on so long. And I thank in advance everyone who is willing to pay attention to my problem.

PS: I'm posting my ComboFix log with this message!

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2679 [GMT 2:00]
Lancé depuis: c:\documents and settings\silver\Mes documents\Téléchargements\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\silver\Application Data\PriceGong
c:\documents and settings\silver\Application Data\PriceGong\Data\1.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\a.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\b.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\c.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\d.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\e.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\f.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\g.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\h.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\i.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\J.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\k.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\l.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\m.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\n.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\o.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\p.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\q.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\r.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\s.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\t.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\u.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\v.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\w.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\x.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\y.xml
c:\documents and settings\silver\Application Data\PriceGong\Data\z.xml
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-23 au 2010-10-23 ))))))))))))))))))))))))))))))))))))
.
2010-10-22 23:48 . 2010-10-22 23:48 -------- d-----w- c:\documents and settings\silver\Local Settings\Application Data\Cooliris
2010-10-19 16:55 . 2010-10-19 16:55 864080 ----a-w- c:\program files\Internet Explorer\minftnet.exe
2010-10-19 16:55 . 2010-10-19 16:55 -------- d-----w- c:\program files\DevNet
2010-10-14 13:53 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-14 13:13 . 2008-04-14 02:33 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-14 13:06 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 13:06 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 13:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-14 00:02 . 2010-10-14 00:02 -------- d-----w- c:\documents and settings\silver\Application Data\fretsonfire
2010-10-13 19:14 . 2010-10-13 19:14 -------- d-----w- c:\documents and settings\silver\Application Data\OpenOffice.org
2010-10-13 19:10 . 2010-10-19 20:18 -------- d-----w- c:\program files\OpenOffice.org 3
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 15:18 . 2010-05-30 21:18 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-30 15:12 . 2010-05-30 21:18 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-18 10:23 . 2001-08-28 14:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-28 14:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-28 14:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-28 14:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2010-05-24 20:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2010-05-24 20:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:50 . 2010-05-24 20:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-07 15:11 . 2010-05-25 13:30 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-05-25 13:30 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-05-25 13:30 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-05-25 13:30 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-05-25 13:30 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-05-25 13:30 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-05-25 13:30 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-05-25 13:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-05 17:11 . 2010-09-05 16:56 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-05 17:11 . 2010-09-05 16:56 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-05 13:58 . 2010-09-05 13:55 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-09-05 13:58 . 2010-09-05 13:55 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-09-05 13:58 . 2010-09-05 13:55 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-09-01 11:51 . 2001-08-28 14:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2001-08-28 14:00 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2001-08-28 14:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2001-08-28 14:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2001-08-28 14:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2001-08-28 14:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-08-28 14:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2010-05-24 20:44 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:53 353656 ----a-w- c:\program files\PriceGong\2.1.0\PriceGongIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3EA8D036-C9E7-4721-BCDF-C13D00C4CC39}"= "c:\program files\DevNet\Toolbar\DevNet.dll" [2010-10-19 487248]

[HKEY_CLASSES_ROOT\clsid\{3ea8d036-c9e7-4721-bcdf-c13d00c4cc39}]
[HKEY_CLASSES_ROOT\IadahToolbar.IEHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{A26CCE4F-8765-482B-A9F5-7D0A1635C08C}]
[HKEY_CLASSES_ROOT\IadahToolbar.IEHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-26 328056]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"AnumanLive"="c:\documents and settings\silver\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2007-08-29 347648]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-04 1000960]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-08 39408]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bcpopup"="c:\program files\RAIDCore\bcpopup.exe" [2008-06-24 3542403]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2008-02-21 98304]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"DelReg"="c:\program files\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-05-20 317368]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"i:\\GAMES\\Game Instal windows XP\\SoF-Payback\\sof3.exe"=
"i:\\GAMES\\Game Instal windows XP\\PES2010\\pes2010.exe"=
"i:\\GAMES\\Game Instal windows XP\\singularity\\Binaries\\Singularity.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"i:\\GAMES\\Game Instal windows XP\\Prince of Persia Les Sables Oubliés\\Prince of Persia.exe"=
"i:\\GAMES\\Game Instal windows XP\\Prince of Persia Les Sables Oubliés\\GameSettings.exe"=
"i:\\GAMES\\Game Instal windows XP\\Prince of Persia Les Sables Oubliés\\gu.exe"=
"i:\\GAMES\\Game Instal windows XP\\Prince of Persia Les Sables Oubliés\\UPlayBrowser.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Documents and Settings\\silver\\Mes documents\\Téléchargements\\utorrent(2).exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/05/2010 15:30 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/05/2010 15:30 17744]
R2 bc_service;RAIDConsole - Event Service;c:\progra~1\RAIDCore\BC_SER~1.EXE [25/05/2010 03:56 2046880]
R2 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/05/2010 11:34 271728]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/08/2010 21:04 135664]
S3 bcapiservice;RAIDConsole - Remote API;c:\progra~1\RAIDCore\BCAPIS~1.EXE [25/05/2010 03:56 2157804]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [08/06/2010 03:17 28672]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [08/06/2010 03:17 55296]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 Usbatos;LGE SP DL USB Serial Port;c:\windows\system32\drivers\lgusbatos.sys [21/06/2010 03:00 22016]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [25/01/2007 17:45 6784]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/05/2010 02:59 691696]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - GTNDIS5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:04]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 19:04]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.iadah.com/web-A-9
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {26BFCF88-DFB5-4092-9E74-3FDE8E12EF1D} = 192.168.1.1,0.0.0.0
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\silver\Application Data\Mozilla\Firefox\Profiles\xlcokv30.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2542115&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_France Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?mkt=fr-FR&form=MIMWA5&q=
FF - component: c:\documents and settings\silver\Application Data\Mozilla\Firefox\Profiles\xlcokv30.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\silver\Application Data\Mozilla\Firefox\Profiles\xlcokv30.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\silver\Application Data\Mozilla\Firefox\Profiles\xlcokv30.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\PriceGong\2.1.0\FF\components\PriceGongFF.dll
FF - plugin: c:\documents and settings\silver\Application Data\Mozilla\Firefox\Profiles\xlcokv30.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-23 21:10
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-796845957-1004336348-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHôwæ*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?o?\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\ati\\atidrv\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\program files\AlienGUIse\fastload.dll
.
Heure de fin: 2010-10-23 21:12:10
ComboFix-quarantined-files.txt 2010-10-23 19:12

Avant-CF: 446 980 096 octets libres
Après-CF: 722 624 512 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn /usepmtimer /TUTag=1SAX1Q /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale (TuneUp Backup)" /fastdetect /NoExecute=OptIn /usepmtimer /TUTag=1SAX1Q-BAK

- - End Of File - - B8C1BC33ED5C3A78B9531874CF8E798E
