Astrus

  1. Hello, ComboFix was uninstalled successfully and I carried out the procedure you asked me to... After restarting Windows, I still cannot re-enable the Bitdefender firewall without losing the internet connection. Thank you for your help. Astrus
  2. Hello, I read Venetor's thread to try to find a solution, but it did not work (of course, I did not use the script Pear wrote specifically for him).
     The configuration is as follows (this is not my PC but my brother-in-law's): Windows 7 Home Premium, Bitdefender 2010, up to date.
     Problem: loss of the internet connection following an infection with the Sirefef trojan.
     Actions taken: disabled the firewall in order to get online; set the antivirus, antiphishing and other modules to aggressive mode, which results in constant alerts about infection attempts by the viruses Trojan Sirefef.GZ / HK / GY, which Bitdefender removes. Attempt to update Adobe Flash even though it is already updated.
     So I used ComboFix, as Venetor did, and it gave me a report that I am linking for you:
     Once the machine had restarted, the same problem with the internet connection persists, but I no longer get the alerts... Thank you for any help you can give me. Astrus