
Torg

Everything posted by Torg

  1. There is nothing in quarantine. I just updated it and nothing helps :s
  2. I can't analyze it, since it isn't there :s It's some kind of ninja ^^
  3. Ah... Strange... The virus is detected during the Malwarebytes scan, it kills the scanner, and OfficeScan shows me this popup: And when I go to the system folder in question, it is no longer there...
  4. I couldn't reply earlier; in any case, thanks for your quick answer! Here are the two reports generated by OTL: OTL.txt Extro.txt
  5. Hello, following an infection, I am coming to you to find out more about this virus named BOBOTURBO.exe. Indeed, when I launch a Malwarebytes scan, the virus closes the program. I tried with Emsisoft => same result. HijackThis didn't remove anything (about fifty positives => reboot => rescan => the same positives come back). Here is the ComboFix report:

     ComboFix 12-11-29.01 - a-foulard 29/11/2012 9:20.1.2 - x64
     Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4079.1673 [GMT 1:00]
     Lancé depuis: \\cast\Sources\Divers\Anti malware\ComboFix.exe
     AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
     SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Un antivirus résident est actif
     .
     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2012-10-28 au 2012-11-29 ))))))))))))))))))))))))))))))))))))
     .
     .
     2012-11-29 08:33 . 2012-11-29 08:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
     2012-11-29 08:33 . 2012-11-29 08:33 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-11-29 08:33 . 2012-11-29 08:33 -------- d-----w- c:\users\info1\AppData\Local\temp
     2012-11-29 08:33 . 2012-11-29 08:33 -------- d-----w- c:\users\info\AppData\Local\temp
     2012-11-29 08:33 . 2012-11-29 08:33 -------- d-----w- c:\users\capi\AppData\Local\temp
     2012-11-29 08:33 . 2012-11-29 08:33 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
     2012-11-29 08:26 . 2012-11-29 08:26 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC8373A5-0FC5-4344-9491-E1F597E596AE}\offreg.dll
     2012-11-29 04:38 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC8373A5-0FC5-4344-9491-E1F597E596AE}\mpengine.dll
     2012-11-28 14:43 . 2012-11-28 15:18 16200 ----a-w- c:\windows\stinger.sys
     2012-11-28 14:43 . 2012-11-28 15:18 -------- d-----w- c:\program files (x86)\stinger
     2012-11-28 13:00 . 2012-11-28 13:00 388096 ----a-r- c:\users\pdjite\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2012-11-28 12:33 . 2012-11-28 12:36 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
     2012-11-28 12:25 . 2012-11-28 12:25 -------- d-----w- c:\users\pdjite\AppData\Roaming\Malwarebytes
     2012-11-28 12:25 . 2012-11-28 12:25 -------- d-----w- c:\programdata\Malwarebytes
     2012-11-28 12:25 . 2012-11-28 12:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-11-28 12:25 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-11-28 11:45 . 2012-11-28 11:45 -------- d-----w- c:\users\A-FOULARD
     2012-11-16 09:56 . 2012-11-16 09:56 -------- d-----w- c:\programdata\GroupPolicy
     2012-11-12 08:28 . 2012-11-12 08:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
     2012-11-12 08:28 . 2012-11-12 08:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
     2012-11-12 08:28 . 2012-11-12 08:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
     2012-11-12 08:28 . 2012-11-12 08:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
     2012-11-12 08:28 . 2012-11-12 08:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
     2012-11-12 08:28 . 2012-11-12 08:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
     2012-11-12 08:28 . 2012-11-12 08:28 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
     2012-11-12 08:27 . 2012-11-12 08:28 -------- d-----w- c:\program files (x86)\QuickTime
     2012-11-05 08:33 . 2012-11-05 08:33 -------- d-----w- c:\users\Default\AppData\Local\Google
     .
     .
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
     2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
     2012-10-09 08:50 . 2012-04-02 07:07 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-10-09 08:50 . 2011-09-02 12:32 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     .
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files (x86)\Windows Sidebar\Sidebar.exe" [2010-11-21 1174016]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2012-05-14 1841248]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableInstallerDetection"= 0 (0x0)
     "EnableLUA"= 0 (0x0)
     "EnableSecureUIAPaths"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "EnableLinkedConnections"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\0\0]
     "Script"=install-base-vision.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\1\0]
     "Script"=Inventaire-Utilisateurs.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\2\0]
     "Script"=Connexion_Imp_Scanner-v2.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\3\0]
     "Script"=inventaire sans office 2007.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\4\0]
     "Script"=Sccm.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\5\0]
     "Script"=Capi.bat
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\6\0]
     "Script"=Inventaire-Postes.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\7\0]
     "Script"=Activation_Citrix_SSO_Utilisateur.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\8\0]
     "Script"=Script_Partages_Siege_V6.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11668\Scripts\Logon\9\0]
     "Script"=\\eurobat.com\SysVol\eurobat.com\scripts\runocs.bat
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11671\Scripts\Logon\0\0]
     "Script"=INSTALL-LANCEMENT OLFEO.VBS
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11671\Scripts\Logon\1\0]
     "Script"=\\eurobat.com\NETLOGON\_PICHET\install-base-vision.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11671\Scripts\Logon\1\1]
     "Script"=\\eurobat.com\NETLOGON\_PICHET\Capi.bat
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11671\Scripts\Logon\1\2]
     "Script"=\\eurobat.com\NETLOGON\_PICHET\Connexion_Imp_Scanner-v8.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11671\Scripts\Logon\1\3]
     "Script"=\\eurobat.com\NETLOGON\_PICHET\Office-Scan-10.6.cmd
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11671\Scripts\Logon\1\4]
     "Script"=\\eurobat.com\NETLOGON\_PICHET\Activation_Citrix_SSO_Utilisateur.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11671\Scripts\Logon\1\5]
     "Script"=\\EUROBAT.COM\NETLOGON\_PICHET\runocs.bat
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-11671\Scripts\Logon\2\0]
     "Script"=\\eurobat.com\NETLOGON\_PICHET\Script_Partages_Siege_V8.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\0\0]
     "Script"=install-base-vision.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\1\0]
     "Script"=Inventaire-Utilisateurs.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\2\0]
     "Script"=Connexion_Imp_Scanner-v2.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\3\0]
     "Script"=inventaire sans office 2007.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\4\0]
     "Script"=Sccm.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\5\0]
     "Script"=Capi.bat
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\6\0]
     "Script"=Inventaire-Postes.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\7\0]
     "Script"=Activation_Citrix_SSO_Utilisateur.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\8\0]
     "Script"=Script_Partages_Siege_V6.vbs
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-343818398-113007714-682003330-9270\Scripts\Logon\9\0]
     "Script"=\\eurobat.com\SysVol\eurobat.com\scripts\runocs.bat
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
     R3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2012-03-15 918032]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
     R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
     R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-25 1255736]
     S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2008-03-13 30720]
     S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-11-28 19744]
     S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
     S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
     S2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files (x86)\OCS Inventory Agent\ocsservice.exe [2007-02-27 61440]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-10 381248]
     S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-04-19 64304]
     S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2012-07-17 344376]
     S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2012-07-17 42808]
     S3 DWDSCARD;DWDSCARD;c:\windows\system32\drivers\dwdscard.sys [2010-05-06 62080]
     S3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [2008-03-14 5632]
     S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-31 1431888]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
     S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
     .
     .
     Contenu du dossier 'Tâches planifiées'
     .
     2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:50]
     .
     2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 12:25]
     .
     2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-16 12:25]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
     2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
     2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
     2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
     2012-11-08 15:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-09-07 1694016]
     "DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2011-04-21 297848]
     .
     ------- Examen supplémentaire -------
     .
     mLocal Page = c:\windows\SysWOW64\blank.htm
     TCP: DhcpNameServer = 192.168.223.3 192.168.223.8
     .
     - - - - ORPHELINS SUPPRIMES - - - -
     .
     Toolbar-Locked - (no file)
     Toolbar-Locked - (no file)
     .
     .
     .
     --------------------- CLES DE REGISTRE BLOQUEES ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Heure de fin: 2012-11-29 09:38:51
     ComboFix-quarantined-files.txt 2012-11-29 08:38
     .
     Avant-CF: 28 178 137 088 octets libres
     Après-CF: 29 055 332 352 octets libres
     .
     - - End Of File - - 763CE79851783F2FCF9896D5528ED74C

     Could someone tell me more about this virus/malware? Is it possible that it spreads over the network?
     Thanks in advance. Regards.