Infection Bubnix-H

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
1 August 2010 19:04:20

Hello,

I'm getting intrusive pop-up ads... In TCPView I saw that I have a services.exe that keeps pushing ads to rev.opentransfert.com... in short, a rootkit, I think.

I ran several scans and indeed found one.

The problem is that I can't manage to remove the file that must be responsible for this: C:\Windows\System32\drivers\sdvbux.sys

I ran ComboFix, but apparently it doesn't delete the file. Here is the report:

Thanks in advance!

ComboFix 10-07-31.04 - Kain 01/08/2010 18:27:30.2.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3071.2198 [GMT 2:00]
Lancé depuis: c:\users\Kain\Desktop\LLComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-01 au 2010-08-01 ))))))))))))))))))))))))))))))))))))
.

2010-08-01 16:30 . 2010-08-01 16:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-01 16:30 . 2010-08-01 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-01 16:13 . 2010-08-01 16:30 -------- d-----w- c:\users\Kain\AppData\Local\temp
2010-08-01 15:44 . 2010-08-01 15:44 -------- d-----w- c:\program files\Unlocker
2010-08-01 14:56 . 2010-08-01 14:57 -------- d-----w- c:\users\Kain\AppData\Local\Google
2010-08-01 14:56 . 2010-08-01 14:56 -------- d-----w- c:\program files\Google
2010-08-01 14:56 . 2010-08-01 14:56 -------- d-----w- c:\programdata\Alwil Software
2010-08-01 14:56 . 2010-08-01 14:56 -------- d-----w- c:\program files\Alwil Software
2010-08-01 14:36 . 2010-08-01 14:36 -------- d-----w- c:\program files\Enigma Software Group
2010-08-01 14:16 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-08-01 14:15 . 2010-08-01 14:15 -------- d-----w- c:\programdata\Logitech
2010-08-01 14:11 . 2010-08-01 14:11 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-08-01 14:04 . 2010-08-01 14:06 -------- d-----w- c:\program files\Ad-Remover
2010-08-01 13:04 . 2010-08-01 13:40 -------- d-----w- c:\users\Kain\DoctorWeb
2010-07-30 23:59 . 2010-07-31 00:57 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-30 23:59 . 2010-07-30 23:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-30 23:56 . 2010-07-31 00:57 -------- d-----w- c:\programdata\Lavasoft
2010-07-30 23:11 . 2010-07-31 14:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-30 23:11 . 2010-07-31 05:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-30 23:03 . 2010-07-30 23:03 76560 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-07-30 22:49 . 2010-07-30 23:03 -------- d-----w- c:\program files\Trend Micro
2010-07-30 22:43 . 2010-07-30 22:44 -------- d---a-w- C:\Navilog1
2010-07-25 12:20 . 2010-07-25 12:20 -------- d-----w- c:\users\Kain\AppData\Roaming\Malwarebytes
2010-07-25 12:20 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-25 12:20 . 2010-07-25 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-25 12:20 . 2010-07-25 12:20 -------- d-----w- c:\programdata\Malwarebytes
2010-07-25 12:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 23:21 . 2010-07-24 23:21 21584 ----a-w- c:\windows\system32\drivers\lfhszuvl.sys
2010-07-24 23:20 . 2010-07-24 23:20 21584 ----a-w- c:\windows\system32\drivers\onkvqsdw.sys
2010-07-11 15:52 . 2003-10-17 09:25 505104 ----a-r- c:\windows\system32\msxml.dll
2010-07-11 15:52 . 2003-10-17 09:25 69632 ----a-r- c:\windows\system32\xmltok.dll
2010-07-11 15:52 . 2003-10-17 09:25 36864 ----a-r- c:\windows\system32\xmlparse.dll
2010-07-11 15:52 . 2003-10-17 09:25 26064 ----a-r- c:\windows\system32\xmlinst.exe
2010-07-11 15:52 . 2003-10-17 09:25 24576 ----a-r- c:\windows\system32\msxml3a.dll
2010-07-11 15:52 . 2010-07-11 15:52 -------- d-----w- c:\program files\Ubi Soft
2010-07-11 15:52 . 2003-10-17 09:25 89360 ----a-r- c:\windows\system32\VB5DB.DLL
2010-07-11 15:52 . 2003-10-17 09:25 28432 ----a-r- c:\windows\system32\msxmlr.dll
2010-07-02 21:37 . 2010-07-02 21:37 1 ----a-w- c:\windows\system32\SI.bin

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 16:29 . 2009-07-14 08:39 694766 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-01 16:29 . 2009-07-14 08:39 127478 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-01 16:23 . 2009-10-29 09:02 -------- d-----w- c:\programdata\NVIDIA
2010-08-01 16:14 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2010-08-01 14:36 . 2009-10-29 09:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-01 14:12 . 2009-10-29 00:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-01 14:11 . 2009-10-30 00:05 -------- d-----w- c:\program files\Creative
2010-08-01 14:11 . 2009-10-30 00:04 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-01 14:11 . 2009-10-30 00:04 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-01 13:46 . 2009-10-30 00:19 -------- d-----w- c:\users\Kain\AppData\Roaming\foobar2000
2010-08-01 00:57 . 2009-10-29 23:51 -------- d-----w- c:\program files\Trillian
2010-08-01 00:57 . 2009-10-30 00:33 -------- d-----w- c:\users\Kain\AppData\Roaming\FileZilla
2010-07-31 15:39 . 2009-10-31 03:53 -------- d-----w- c:\program files\SpeedFan
2010-07-30 23:22 . 2009-10-30 16:47 -------- d-----w- c:\program files\FileZilla Server
2010-07-30 23:21 . 2009-10-30 23:37 -------- d-----w- c:\programdata\Skype
2010-07-30 23:20 . 2009-10-30 02:35 -------- d-----w- c:\programdata\eMule
2010-07-27 00:15 . 2009-10-29 00:23 85688 ----a-w- c:\users\Kain\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-26 15:31 . 2010-05-07 17:33 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-26 00:00 . 2010-05-07 21:01 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-24 17:52 . 2009-10-30 00:30 -------- d-----w- c:\users\Kain\AppData\Roaming\EditPlus 3
2010-07-21 21:23 . 2009-10-30 01:23 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-14 00:09 . 2009-10-31 11:53 -------- d-----w- c:\programdata\Microsoft Help
2010-06-22 12:17 . 2010-06-22 12:17 -------- d-----w- c:\program files\QuickTime Alternative
2010-06-22 12:17 . 2010-06-22 12:17 -------- d-----w- c:\programdata\Apple Computer
2010-06-22 12:16 . 2009-12-18 23:01 -------- d-----w- c:\program files\QuickTime
2010-06-19 09:18 . 2009-10-30 02:57 -------- d-----w- c:\users\Kain\AppData\Roaming\.ABC
2010-06-13 08:30 . 2009-10-30 23:38 -------- d-----w- c:\users\Kain\AppData\Roaming\Skype
2010-06-13 08:24 . 2009-10-30 23:40 -------- d-----w- c:\users\Kain\AppData\Roaming\skypePM
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17764\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17764\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17764\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\17764\AcrobatUpdater.exe
2010-06-01 19:25 . 2010-05-23 15:09 190 ----a-w- c:\users\Kain\UIdata.dat
2010-06-01 17:37 . 2009-10-29 09:06 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 07:24 . 2010-06-10 20:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-10 20:17 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 16:33 . 2010-05-26 16:33 48388 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-21 05:18 . 2010-06-10 20:17 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 19:29 . 2010-05-05 19:29 15448 ----a-w- c:\windows\system32\drivers\pfmodnt.sys
2010-05-05 19:29 . 2010-05-05 19:29 1178200 ----a-w- c:\windows\system32\drivers\ha20x2k.sys
2010-05-05 19:29 . 2010-05-05 19:29 95832 ----a-w- c:\windows\system32\drivers\emupia2k.sys
2010-05-05 19:29 . 2010-05-05 19:29 158808 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2010-05-05 19:28 . 2010-05-05 19:28 14424 ----a-w- c:\windows\system32\drivers\ctprxy2k.sys
2010-05-05 19:24 . 2010-05-05 19:24 130136 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2010-05-05 19:24 . 2010-05-05 19:24 347144 ----a-w- c:\windows\system32\drivers\ctdvda2k.sys
2010-05-05 19:24 . 2010-05-05 19:24 526296 ----a-w- c:\windows\system32\drivers\ctaud2k.sys
2010-05-05 19:24 . 2010-05-05 19:24 511064 ----a-w- c:\windows\system32\drivers\ctac32k.sys
2010-05-05 19:24 . 2010-05-05 19:24 1324120 ----a-w- c:\windows\system32\drivers\CTEXFIFX.sys
2010-05-05 19:23 . 2010-05-05 19:23 72792 ----a-w- c:\windows\system32\drivers\CTHWIUT.sys
2010-05-05 19:23 . 2010-05-05 19:23 171096 ----a-w- c:\windows\system32\drivers\CT20XUT.sys
2010-05-05 18:01 . 2010-05-05 18:01 86016 ----a-w- c:\windows\system32\ctcoinst.dll
2010-05-05 18:01 . 2010-05-05 18:01 181248 ----a-w- c:\windows\system32\ctdvinst.dll
2010-05-05 17:59 . 2010-05-05 17:59 60928 ----a-w- c:\windows\system32\a3d.dll
2010-05-05 17:58 . 2010-05-05 17:58 48640 ----a-w- c:\windows\system32\ac3api.dll
2010-05-05 17:56 . 2010-05-05 17:56 41472 ----a-w- c:\windows\system32\CTxfiBtn.dll
2010-05-05 17:56 . 2010-05-05 17:56 2560 ----a-w- c:\windows\system32\CtxfiRes.dll
2010-05-05 17:56 . 2010-05-05 17:56 39424 ----a-w- c:\windows\system32\CTxfiSpk.dll
2010-05-05 17:56 . 2010-05-05 17:56 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
2010-05-05 17:52 . 2010-05-05 17:52 47104 ----a-w- c:\windows\system32\CTxfiReg.exe
2010-05-05 17:51 . 2010-05-05 17:51 15360 ----a-w- c:\windows\system32\Ct20xspi.dll
2010-05-05 17:51 . 2010-05-05 17:51 1212928 ----a-w- c:\windows\system32\CTxfispi.exe
2010-05-05 17:46 . 2010-05-05 17:46 321512 ----a-w- c:\windows\system32\ctdlang.dat
2010-05-05 17:45 . 2010-05-05 17:45 114688 ----a-w- c:\windows\system32\ctemupia.dll
2010-05-05 17:42 . 2010-05-05 17:42 193024 ----a-w- c:\windows\system32\ct_oal.dll
2010-05-05 17:42 . 2010-05-05 17:42 50688 ----a-w- c:\windows\system32\ctasio.dll
2010-05-05 17:42 . 2010-05-05 17:42 53248 ----a-w- c:\windows\system32\ctdproxy.dll
2010-05-05 17:41 . 2010-05-05 17:41 74752 ----a-w- c:\windows\system32\ctosuser.dll
2010-05-05 17:41 . 2010-05-05 17:41 10240 ----a-w- c:\windows\system32\sfman32.dll
2010-05-05 17:41 . 2010-05-05 17:41 108544 ----a-w- c:\windows\system32\sfms32.dll
2010-05-05 17:41 . 2010-05-05 17:41 16384 ----a-w- c:\windows\system32\regplib.exe
2010-05-05 17:41 . 2010-05-05 17:41 68608 ----a-w- c:\windows\system32\piaproxy.dll
2010-05-05 17:38 . 2010-05-05 17:38 7680 ----a-w- c:\windows\system32\enlocstr.exe
2010-05-05 17:38 . 2010-05-05 17:38 12800 ----a-w- c:\windows\system32\killapps.exe
2010-05-05 17:37 . 2010-05-05 17:37 36864 ----a-w- c:\windows\system32\devreg.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
c:\program files\FileZilla Server\FileZilla Server Interface .exe
c:\program files\Logitech\GamePanel Software\LgDevAgt .exe
c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore .exe
c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon .exe
c:\program files\Razer\Copperhead\razerhid .exe
c:\windows\System32\CTXFIHLP .exe


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-05-27 14:46 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

R1 zrmducrg;zrmducrg;c:\windows\system32\drivers\zrmducrg.sys [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 136176]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-01 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 171096]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1324120]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 72792]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\jeux\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-27 24576]
R3 ovt530;Hercules Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-23 691696]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 171096]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1324120]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 72792]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sdvbux
.
Contenu du dossier 'Tâches planifiées'

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 14:56]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 14:56]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {4285CA96-F597-463A-A73F-DB8AB7BBD798} = 212.27.40.241
FF - ProfilePath - c:\users\Kain\AppData\Roaming\Mozilla\Firefox\Profiles\umidtx1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sdvbux]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2608495060-2804208628-1333975291-1000\Software\SecuROM\License information*]
"datasecu"=hex:9c,2f,25,24,60,64,ea,36,64,85,21,2a,db,92,0a,74,e1,a4,71,65,aa,
74,44,62,a0,6f,ad,d4,d1,12,39,e6,a7,61,44,91,6b,27,23,18,56,ba,27,8e,5a,1b,\
"rkeysecu"=hex:95,5a,7b,be,31,90,fe,ff,50,d4,90,74,ad,c7,d9,78

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Heure de fin: 2010-08-01 18:32:13
ComboFix-quarantined-files.txt 2010-08-01 16:32
ComboFix2.txt 2010-08-01 16:13

Avant-CF: 57 852 575 744 octets libres
Après-CF: 57 790 660 608 octets libres

- - End Of File - - 573202103EFC470AD7CFB5760DFB204A
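As an added example (not part of the thread or of ComboFix itself), a small triage script run over constructed sample lines copied from the report above. It flags what a helper scans such a report for: driver files and service names with generated-looking names, service entries whose file is missing (`[x]`), a deregistered driver, and UAC switched off (`EnableLUA = 0`). The line regexes are my reading of the report layout and the vowel-count heuristic for "random-looking" names is my own assumption.

```python
import re

# Constructed sample: lines copied from the ComboFix report in this thread,
# plus clean entries (mbam.sys, HTCAND32) for contrast.
SAMPLE_REPORT = r"""
2010-07-24 23:21 . 2010-07-24 23:21 21584 ----a-w- c:\windows\system32\drivers\lfhszuvl.sys
2010-07-24 23:20 . 2010-07-24 23:20 21584 ----a-w- c:\windows\system32\drivers\onkvqsdw.sys
2010-07-25 12:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
R1 zrmducrg;zrmducrg;c:\windows\system32\drivers\zrmducrg.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-27 24576]
*Deregistered* - sdvbux
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sdvbux]
"""

# Line shapes as they appear in the report (my reading of the layout, not ComboFix documentation).
SERVICE_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$")
DEREG_LINE = re.compile(r"^\*Deregistered\* - (?P<name>\S+)")
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\(?P<name>[^\]]+)\]$", re.I)
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. .*?(?P<path>[a-z]:\\.+)$", re.I)
UAC_OFF = re.compile(r'^"EnableLUA"= 0\b')


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 6-8 lowercase letters with at most one vowel, the shape
    of the generated names in this report (lfhszuvl, onkvqsdw, zrmducrg, sdvbux)."""
    return bool(re.fullmatch(r"[a-z]{6,8}", stem)) and sum(c in "aeiouy" for c in stem) <= 1


def triage(report: str) -> list:
    """Return (indicator, name) pairs for the lines a helper would want to look at first."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if m := SERVICE_LINE.match(line):
            if m["info"] == "x":  # [x]: service registered but its driver file is not found
                findings.append(("service-file-missing", m["name"]))
            elif looks_random(m["name"]):
                findings.append(("random-service-name", m["name"]))
        elif m := DEREG_LINE.match(line):
            findings.append(("deregistered-driver", m["name"]))
        elif m := SERVICE_KEY.match(line):
            if looks_random(m["name"]):
                findings.append(("random-service-key", m["name"]))
        elif m := FILE_LINE.match(line):
            stem = m["path"].rsplit("\\", 1)[-1]
            if stem.lower().endswith(".sys") and looks_random(stem[:-4]):
                findings.append(("random-driver-file", stem[:-4]))
        elif UAC_OFF.match(line):
            findings.append(("uac-disabled", "EnableLUA=0"))
    return findings


if __name__ == "__main__":
    for indicator, name in triage(SAMPLE_REPORT):
        print(f"{indicator:22} {name}")
```

The heuristic only orders what to look at; a legitimate driver such as copperhd.sys passes because it has two vowels, and a clean driver with an unlucky name would still need checking by hand.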


1 August 2010 20:16:51

hello,

well infected! ....

However, you need to host the ComboFix report! ... pasting it directly into the forum distorts some of the information ...

so send me the report this way:

go to this site: http://www.cijoint.fr/

  • Click "parcourir" (browse) and navigate to the ComboFix report.
  • Then click "cliquer ici pour déposer le fichier" (click here to upload the file) and wait ...
  • Once the upload has finished, a link appears > copy/paste it into your next reply, please ....

