Se connecter / S'enregistrer
Votre question
Fermé

Virus rootkit

Tags :
  • Rootkit
  • Sécurité
Dernière réponse : dans Sécurité et virus
Anonyme
23 Septembre 2010 16:05:28

Configuration: Windows Vista / Firefox 3.0.5

j'ai actuellement un virus de type rootkit sur mon PC, cela se manifeste par un ralentissement au démarrage (longue attente de plusieurs minutes avec un écran noir après l'écran Bios et le chargement de Windows) que je peux d'ailleurs court-circuiter en ouvrant mon lecteur CD pendant l'écran noir et donc éviter l'attente.
Pour autant je n'arrive pas à m'en débarrasser j'ai effectué divers scan avec spybot, malwarebyte, antivir sans pouvoir détecter quoique ce soit.
J'ai utilisé Combofix, dont le log se trouve à la fin de mon message, quant à Gmer il plante lors du scan et il m'est impossible de rebooter en mode sans echec (redémarrage automatique en mode normal dès l'accès au bureau en mode sans echec).
Je requiers donc votre aide, merci.


ComboFix 10-09-17.04 - Cyril Le Daddy 22/09/2010 18:59:12.6.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.1964 [GMT 2:00]
Lancé depuis: c:\users\Cyril Le Daddy\Desktop\CCM.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-08-22 au 2010-09-22 ))))))))))))))))))))))))))))))))))))
.

2010-09-22 17:13 . 2010-09-22 17:13 -------- d-----w- c:\users\Cyril Le Daddy\AppData\Local\temp
2010-09-22 17:13 . 2010-09-22 17:13 -------- d-----w- c:\users\ReleaseEngineer.MACROVISION\AppData\Local\temp
2010-09-22 17:13 . 2010-09-22 17:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-22 17:13 . 2010-09-22 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-21 18:46 . 2010-09-21 19:13 -------- d-----w- C:\CCM
2010-09-19 12:11 . 2010-09-19 12:47 -------- d-----w- C:\ComboFix
2010-09-18 19:57 . 2010-09-18 19:57 -------- d-----w- c:\programdata\TVU Networks
2010-09-18 13:33 . 2010-09-18 13:33 -------- d-----w- C:\My Music
2010-09-15 17:29 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:29 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:29 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 16:10 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-13 18:34 . 2010-09-13 18:47 -------- d-----w- c:\users\Cyril Le Daddy\AppData\Roaming\DAEMON Tools Lite
2010-09-12 19:09 . 2010-08-30 12:34 1496064 ----a-w- c:\users\Cyril Le Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\yay4wqfy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-12 19:09 . 2010-08-30 12:33 43008 ----a-w- c:\users\Cyril Le Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\yay4wqfy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-12 19:09 . 2010-08-30 12:33 338944 ----a-w- c:\users\Cyril Le Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\yay4wqfy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-12 19:09 . 2010-08-30 12:33 346112 ----a-w- c:\users\Cyril Le Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\yay4wqfy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 16:57 . 2008-01-26 14:26 -------- d-----w- c:\programdata\NVIDIA
2010-09-22 16:44 . 2008-01-12 15:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-22 16:30 . 2010-03-06 16:59 35750 ----a-w- c:\programdata\nvModes.dat
2010-09-22 14:40 . 2009-11-17 19:40 -------- d-----w- c:\users\Cyril Le Daddy\AppData\Roaming\uTorrent
2010-09-21 15:41 . 2007-06-26 21:06 688194 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-21 15:41 . 2007-06-26 21:06 130868 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-18 20:00 . 2007-06-26 11:33 -------- d-----w- c:\program files\Packard Bell
2010-09-18 19:59 . 2008-12-16 19:47 -------- d-----w- c:\program files\VSO
2010-09-18 19:59 . 2008-12-16 19:47 47360 ----a-w- c:\users\Cyril Le Daddy\AppData\Roaming\pcouffin.sys
2010-09-18 19:59 . 2008-12-16 19:47 47360 ----a-w- c:\users\Cyril Le Daddy\AppData\Roaming\pcouffin.sys
2010-09-18 19:59 . 2008-12-16 19:47 -------- d-----w- c:\users\Cyril Le Daddy\AppData\Roaming\Vso
2010-09-18 19:57 . 2009-10-20 19:24 -------- d-----w- c:\program files\TVUPlayer
2010-09-17 11:55 . 2007-10-24 08:59 -------- d-----w- c:\users\Cyril Le Daddy\AppData\Roaming\OFFICEOne7
2010-09-15 18:43 . 2007-12-22 18:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-15 17:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-13 15:56 . 2008-01-12 15:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-13 11:24 . 2009-01-12 12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-13 01:23 . 2009-11-17 19:42 -------- d-----w- c:\program files\uTorrent
2010-09-13 01:23 . 2009-03-11 18:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-12 19:08 . 2008-01-09 22:35 1356 ----a-w- c:\users\Cyril Le Daddy\AppData\Local\d3d9caps.dat
2010-08-15 11:31 . 2008-03-20 10:43 -------- d-----w- c:\program files\Safari
2010-08-15 11:30 . 2010-08-15 11:30 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-15 11:28 . 2010-08-15 11:28 -------- d-----w- c:\program files\iTunes
2010-08-15 11:28 . 2010-08-15 11:28 -------- d-----w- c:\program files\iPod
2010-08-15 11:28 . 2007-12-20 10:51 -------- d-----w- c:\program files\Common Files\Apple
2010-08-15 11:28 . 2007-12-15 17:57 -------- d-----w- c:\programdata\Apple Computer
2010-08-15 11:20 . 2007-12-15 13:44 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 11:19 . 2007-12-15 13:44 -------- d-----w- c:\program files\Java
2010-08-15 11:16 . 2010-08-15 11:16 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-15 11:11 . 2007-12-15 12:05 -------- d-----w- c:\program files\Messenger Plus! Live
2010-07-17 03:00 . 2010-04-22 17:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05 . 2010-08-14 16:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-14 16:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-14 16:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-14 16:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 16:15 . 2010-06-25 16:15 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2007-06-26 21:12 . 2007-06-26 21:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\Neuf\Kit\SFRNavErrorHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-13 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Cyril Le Daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PyGrenouille.lnk]
path=c:\users\Cyril Le Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PyGrenouille.lnk
backup=c:\windows\pss\PyGrenouille.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-11 21:18 13679720 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:18 110696 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2010-01-11 21:18 962664 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-21 01:18 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-13 11:56 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-15 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-11-05 108289]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2010-08-14 188416]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{901DFF25-4CAB-479D-A209-5DD472E78A24}.job
- c:\windows\system32\msfeedssync.exe [2010-08-14 04:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = http://login.live.com/...
uInternet Settings,ProxyOverride = local
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
FF - ProfilePath - c:\users\Cyril Le Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\yay4wqfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Cyril Le Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\yay4wqfy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Canal\Canal Widget\VOD\npCpVod.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npShiVa3D.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\TVUPlayer\npTVUAx.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Cyril Le Daddy\AppData\Roaming\Mozilla\Firefox\Profiles\yay4wqfy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 19:13
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85AFDB60]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a3b8d24
\Driver\ACPI -> acpi.sys @ 0x80614d68
\Driver\atapi -> 0x8665c5d0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3483169716-177007014-2927761483-1002\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\Cyril Le Daddy\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\Cyril Le Daddy\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\Cyril Le Daddy\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\Cyril Le Daddy\\Documents\\Sports Interactive\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2010\\data\\db\\1000\\lang_db.dat"
"LastSaveGame"=""
"Language"="French"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:0000006f
"UniqueID"="C8-F045-2CF3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-3483169716-177007014-2927761483-1002\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Cyril Le Daddy\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\Cyril Le Daddy\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Cyril Le Daddy\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Cyril Le Daddy\\Documents\\Sports Interactive\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-930\\db\\930\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="C8-F045-2CF3"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-3483169716-177007014-2927761483-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,be,32,ed,f8,f8,a8,d8,f0,30,05,5a,5d,b1,3c,16,be,03,70,80,d4,58,ce,
59,ba,be,40,c7,9a,14,dc,94,8d,a4,6a,1f,69,a5,1d,e7,a8,dc,e9,8d,60,b4,13,9e,\
"??"=hex:f5,59,c4,30,94,5d,55,e4,82,b6,26,22,f7,08,56,5c

[HKEY_USERS\S-1-5-21-3483169716-177007014-2927761483-1002\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:3b,5c,6e,6b,f7,ab,f4,fe,84,aa,17,a8,73,80,f5,0c,b1,8c,4e,ab,a6,
69,9e,c5,1c,1e,11,f5,c1,a8,78,70,f0,90,0c,e0,8e,4c,c3,00,0d,e0,cf,3b,92,8a,\
"rkeysecu"=hex:a1,bd,82,d4,2a,b6,1f,ad,d7,4b,cb,a8,2a,c5,3c,f2

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-09-22 19:15:02
ComboFix-quarantined-files.txt 2010-09-22 17:15
ComboFix2.txt 2010-09-21 19:13
ComboFix3.txt 2010-09-19 12:47
ComboFix4.txt 2010-09-15 17:11
ComboFix5.txt 2010-09-22 16:50

Avant-CF: 46 221 983 744 octets libres
Après-CF: 46 189 481 984 octets libres

- - End Of File - - B196FC5A47FD3ACBF88CA9FAC0A2952F

Autres pages sur : virus rootkit

23 Septembre 2010 21:37:34

Bonsoir
euh.. rien :D 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS