cashou

Membres

Afficher le profil Afficher son activité

Compteur de contenus
5
Inscription
le 29 mars 2009
Dernière visite
le 2 avril 2009

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par cashou

On a Hack mon PC ! besoin d'aide svp

cashou a répondu à un(e) sujet de cashou dans Analyses et éradication malwares

Le dossier en question était vide , bisard ^^ Sinon j'ai changer mes mots de passe , mais je restes un peu inquiet au niveaux de mes données , avec les pécaution que j'ai pris ( par feu , antivirus ... ) je peux m'attendre à de nouvelle attaques ?
- le 31 mars 2009
- 10 réponses
On a Hack mon PC ! besoin d'aide svp

cashou a répondu à un(e) sujet de cashou dans Analyses et éradication malwares

Mon pc se comporte bien , peut apres mon hack , j'ai mis en place le parfeu de xp + quelque antivirus . Ce week end je peux avoir acces à mon dd externe , sinon Massengeer live j ai aucune idée de ce que c'est d'ailleur j'ai supprimé ce repertoire . Merci encore pour votre aide j'ai aussi demander la fermeture de mon poste sur l'autre site , sous la panique j'ai poste ici et la bas en attentant bonne soirée
- le 31 mars 2009
- 10 réponses
On a Hack mon PC ! besoin d'aide svp

cashou a répondu à un(e) sujet de cashou dans Analyses et éradication malwares

Re , j'ai scan les deux fichiers sur le site en resultat je voyais juste un - C:\WINDOWS\explorer.exe Situation actuelle: terminé Résultat: 0/38 (0%) ---------- ---------- ---------- ---------- C:\WINDOWS\System32\userinit.exe Situation actuelle: terminé Résultat: 0/40 (0%) ---------- ---------- ---------- ---------- le resultat de l'analyse : GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-03-31 20:07:37 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xABE1D6B8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xABE1D574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xABE1DA52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xABE1D14C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xABE1D64E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xABE1D08C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xABE1D0F0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xABE1D76E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xABE1D72E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xABE1D8AE] Code \??\C:\DOCUME~1\nono\LOCALS~1\Temp\catchme.sys pIofCallDriver ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) ---- EOF - GMER 1.0.15 ---- Merci encore du temp que vous m'accorder
- le 31 mars 2009
- 10 réponses
On a Hack mon PC ! besoin d'aide svp

cashou a répondu à un(e) sujet de cashou dans Analyses et éradication malwares

merci pour votre rapidité j'ai refais un scan que voici , j'ai mis les keys usb que je posséde dedans , il manque juste un dd externe que je n'ai pas sur moi . Voila voila merci encore de votre temp accordé . ComboFix 09-03-30.04 - nono 2009-03-31 18:13:56.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2832 [GMT 2:00] Lancé depuis: c:\documents and settings\nono\Bureau\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090330-0] *On-access scanning enabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe G:\autorun.inf G:\WinRAR.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-31 )))))))))))))))))))))))))))))))))))) . 2009-03-29 19:20 . 2009-03-29 19:20 <REP> d-------- c:\program files\Alwil Software 2009-03-29 19:17 . 2009-03-29 19:17 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-29 19:17 . 2009-03-29 19:17 <REP> d-------- c:\documents and settings\nono\Application Data\Malwarebytes 2009-03-29 19:17 . 2009-03-29 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-29 19:17 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-29 19:17 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-29 18:35 . 2009-03-29 19:58 <REP> d-------- c:\program files\Massengeer live 2009-03-29 14:17 . 2009-03-29 14:17 5,915 --a------ C:\fraglist.htm 2009-03-29 12:57 . 2009-03-29 12:57 754 --a------ c:\windows\WORDPAD.INI 2009-03-29 11:42 . 2008-04-14 14:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-03-28 21:52 . 2008-08-14 15:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-28 21:52 . 2008-08-14 15:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-28 21:52 . 2008-08-14 15:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-28 21:52 . 2008-08-14 15:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-28 21:52 . 2008-06-14 19:33 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-03-28 21:52 . 2008-06-14 19:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-03-28 21:51 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-03-28 21:32 . 2009-03-28 21:32 <REP> d-------- c:\program files\Spybot - Search & Destroy 2009-03-28 21:32 . 2009-03-28 21:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-28 21:26 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-28 21:26 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-28 21:26 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-28 19:32 . 2009-03-28 19:32 <REP> d-------- c:\program files\CDBurnerXP 2009-03-28 19:32 . 2009-03-28 19:32 <REP> d-------- c:\documents and settings\nono\Application Data\Canneverbe_Limited 2009-03-26 19:04 . 2009-03-26 19:04 <REP> d-------- c:\windows\Sun 2009-03-26 14:35 . 2009-03-26 14:36 <REP> d-------- c:\program files\Monitor Calibration Wizard 2009-03-26 14:35 . 2009-03-26 14:35 7 --a------ c:\windows\INI2=No 2009-03-26 14:35 . 2009-03-26 14:35 7 --a------ c:\windows\INI1=No 2009-03-24 19:51 . 2009-03-24 19:51 <REP> d-------- c:\documents and settings\nono\Application Data\ImgBurn 2009-03-23 19:50 . 2009-03-29 19:37 <REP> d-------- c:\program files\Java 2009-03-23 19:50 . 2009-03-23 19:50 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-23 19:50 . 2009-03-23 19:50 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-22 16:37 . 2009-03-22 16:37 <REP> d-------- c:\program files\EXPERTool ATI 2009-03-22 16:37 . 2002-07-27 19:01 5,306 --a------ c:\windows\system32\drivers\TBPanel.sys 2009-03-22 16:04 . 2009-03-22 16:04 <REP> d-------- c:\documents and settings\nono\Application Data\TeamViewer 2009-03-22 16:03 . 2009-03-22 16:03 <REP> d-------- c:\documents and settings\nono\temp 2009-03-20 15:24 . 2009-03-20 15:24 0 --a------ c:\windows\nsreg.dat 2009-03-17 21:17 . 2009-03-17 21:17 <REP> d-------- c:\program files\Fichiers communs\Adobe 2009-03-15 21:05 . 2009-03-15 21:05 <REP> d-------- c:\program files\Orange 2009-03-15 21:05 . 2009-03-31 18:04 <REP> d-------- c:\documents and settings\nono\Application Data\Media Player 2009-03-15 21:05 . 2005-01-28 09:53 5,525,504 --a------ c:\windows\system32\setb9.tmp 2009-03-15 21:04 . 2005-01-28 09:53 142,336 --a------ c:\windows\system32\setb3.tmp 2009-03-15 21:03 . 2009-03-15 21:03 <REP> d-------- c:\windows\system32\URTTEMP 2009-03-15 00:39 . 2009-03-15 00:39 4,096 --a------ c:\windows\system32\crash 2009-03-13 19:10 . 2009-03-13 19:10 76 --a------ C:\fraglist.luar 2009-03-13 18:36 . 2009-03-13 18:40 <REP> d-------- c:\windows\UltraDefrag 2009-03-13 00:59 . 2009-03-13 00:59 45 --a------ c:\windows\system32\initdebug.nfo 2009-03-13 00:55 . 2009-03-13 00:55 <REP> d-------- c:\program files\ATITool 2009-03-10 21:03 . 2008-12-21 00:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-03-10 21:03 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-03-10 21:03 . 2007-03-08 07:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-03-10 21:03 . 2008-12-21 00:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-03-10 21:03 . 2008-12-21 00:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-03-10 21:03 . 2008-12-21 00:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-03-10 21:03 . 2008-12-21 00:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-03-10 21:03 . 2008-12-21 00:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-03-10 21:03 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-03-08 14:21 . 2009-03-08 14:21 <REP> d-------- c:\program files\MadOnion.com 2009-03-08 03:02 . 2009-03-08 03:02 <REP> d-------- c:\program files\LG Soft India 2009-03-08 03:02 . 2009-03-08 03:02 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2009-03-08 03:02 . 2004-04-16 12:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl 2009-03-08 03:02 . 2008-03-04 18:23 25,344 -ra------ c:\windows\system32\LGDispDrv.dll 2009-03-08 03:02 . 2008-03-04 18:23 2,944 -ra------ c:\windows\system32\LgExport.dll 2009-03-07 20:32 . 2009-03-07 20:32 <REP> d-------- c:\program files\Microsoft Sync Framework 2009-03-07 20:32 . 2009-03-31 18:03 <REP> d-------- c:\documents and settings\nono\Tracing 2009-03-07 20:31 . 2009-03-07 20:31 <REP> d-------- c:\program files\Windows Live SkyDrive 2009-03-07 20:31 . 2009-03-07 20:32 <REP> d-------- c:\program files\Windows Live 2009-03-07 20:31 . 2009-03-07 20:31 <REP> d-------- c:\program files\Microsoft 2009-03-07 20:28 . 2009-03-07 20:28 <REP> d-------- c:\program files\Fichiers communs\Windows Live 2009-03-07 19:59 . 2009-03-07 20:04 <REP> d-------- c:\documents and settings\nono\Application Data\Ventrilo 2009-03-07 18:37 . 2009-03-13 03:13 <REP> d-------- c:\documents and settings\nono\Application Data\DivX 2009-03-07 18:36 . 2009-03-07 18:36 <REP> d-------- c:\program files\DivX 2009-03-07 18:34 . 2009-03-07 18:37 <REP> d-------- c:\documents and settings\nono\Application Data\vlc 2009-03-07 18:34 . 2009-03-07 18:38 <REP> d-------- c:\documents and settings\nono\Application Data\dvdcss 2009-03-07 18:33 . 2009-03-07 18:33 <REP> d-------- c:\program files\VideoLAN . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-31 16:03 16,608 ----a-w c:\windows\gdrv.sys 2009-03-30 15:56 --------- d-----w c:\program files\Warhammer Online - Age of Reckoning 2009-03-08 12:21 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-08 12:13 --------- d-----w c:\program files\Google 2009-03-08 01:02 --------- d-----w c:\program files\Fichiers communs\InstallShield 2009-03-07 15:23 --------- d-----w c:\program files\Razer 2009-03-07 15:23 --------- d-----w c:\program files\DIFX 2009-03-07 15:21 --------- d-----w c:\documents and settings\nono\Application Data\ATI 2009-03-07 15:21 --------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-03-07 15:13 --------- d-----w c:\program files\ATI Technologies 2009-03-07 14:51 --------- d-----w c:\program files\Realtek 2009-03-07 14:51 --------- d-----w c:\documents and settings\nono\Application Data\InstallShield 2009-03-07 14:49 315,392 ----a-w c:\windows\HideWin.exe 2009-03-07 14:47 --------- d-----w c:\program files\Intel 2009-03-07 14:46 --------- d-----w c:\program files\GIGABYTE 2009-03-07 14:35 --------- d-----w c:\program files\microsoft frontpage 2009-03-07 14:34 --------- d-----w c:\program files\Services en ligne 2009-02-18 08:41 91,648 ----a-w c:\windows\system32\lua5.1a.dll 2009-02-18 08:41 9,728 ----a-w c:\windows\system32\lua5.1a.exe 2009-02-18 08:41 9,216 ----a-w c:\windows\system32\defrag_native.exe 2009-02-18 08:41 7,680 ----a-w c:\windows\system32\udefrag.exe 2009-02-18 08:41 6,656 ----a-w c:\windows\system32\udefrag-gui.exe 2009-02-18 08:41 6,656 ----a-w c:\windows\system32\bootexctrl.exe 2009-02-18 08:41 55,808 ----a-w c:\windows\system32\ultradefrag.exe 2009-02-18 08:41 30,720 ----a-w c:\windows\system32\drivers\ultradfg.sys 2009-02-18 08:41 18,944 ----a-w c:\windows\system32\zenwinx.dll 2009-02-18 08:41 13,824 ----a-w c:\windows\system32\lua5.1a_gui.exe 2009-02-18 08:41 10,240 ----a-w c:\windows\system32\udefrag.dll 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll 2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll 2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll 2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll 2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll 2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll 2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll 2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll 2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe 2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll 2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll 2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll 2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll 2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll 2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll 2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll 2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll 2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll 2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll 2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll 2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll 2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll 2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll 2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll 2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll 2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll 2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll . ------- Sigcheck ------- 2008-04-14 14:00 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe 2008-04-14 14:00 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\dllcache\svchost.exe 2008-04-14 14:00 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll 2008-04-14 14:00 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\dllcache\user32.dll 2008-04-14 14:00 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll 2008-04-14 14:00 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\dllcache\ws2_32.dll 2008-08-26 11:10 827904 4b0e70d44297877a313045bd059770e1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll 2008-12-21 01:47 827904 4e192082a5fce9ef19198a24cdea3442 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll 2008-04-14 14:00 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ie7\wininet.dll 2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB956390-IE7\wininet.dll 2008-08-26 10:11 826368 e30cacd98479b36a3dbfa3267bf62dd0 c:\windows\ie7updates\KB961260-IE7\wininet.dll 2008-12-21 00:47 826368 0551c946e305cee0a79ba744dc141bfc c:\windows\system32\wininet.dll 2008-12-21 00:47 826368 0551c946e305cee0a79ba744dc141bfc c:\windows\system32\dllcache\wininet.dll 2008-04-14 14:00 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe 2008-04-14 14:00 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\dllcache\winlogon.exe 2008-04-14 14:00 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys 2008-04-14 14:00 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys 2008-04-14 14:00 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\dllcache\ip6fw.sys 2008-04-14 14:00 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys 2008-04-14 14:00 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe 2008-04-14 14:00 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\system32\dllcache\explorer.exe 2008-04-14 14:00 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe 2008-04-14 14:00 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\dllcache\services.exe 2008-04-14 14:00 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe 2008-04-14 14:00 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\dllcache\lsass.exe 2008-04-14 14:00 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe 2008-04-14 14:00 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\dllcache\ctfmon.exe 2008-04-14 14:00 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe 2008-04-14 14:00 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\dllcache\spoolsv.exe 2008-04-14 14:00 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\userinit.exe 2008-04-14 14:00 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\dllcache\userinit.exe 2008-04-14 14:00 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll 2008-04-14 14:00 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\dllcache\termsrv.dll 2008-04-14 14:00 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll 2008-04-14 14:00 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\dllcache\kernel32.dll 2008-04-14 14:00 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll 2008-04-14 14:00 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\dllcache\powrprof.dll 2008-04-14 14:00 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll 2008-04-14 14:00 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\dllcache\imm32.dll . ((((((((((((((((((((((((((((( SnapShot@2009-03-29_18.32.08,00 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-29 09:43:42 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2009-03-30 15:18:40 1,265,664 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2009-03-29 09:43:43 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2009-03-30 15:18:40 1,232,896 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2009-03-30 15:18:45 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_0c00a4df\CustomMarshalers.dll + 2009-03-30 15:18:53 3,391,488 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8195f430\mscorlib.dll + 2009-03-30 15:18:51 1,470,464 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_618e8f74\System.Design.dll + 2009-03-30 15:18:46 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8853e4cb\System.Drawing.Design.dll + 2009-03-30 15:18:52 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1ce69cd4\System.Drawing.dll + 2009-03-30 15:18:48 3,018,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_dd21714a\System.Windows.Forms.dll + 2009-03-30 15:18:50 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_8ccc7ee1\System.Xml.dll + 2009-03-30 15:18:44 1,966,080 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_8885cc21\System.dll + 2009-03-29 09:43:47 1,953,792 ------w c:\windows\assembly\temp\2LC3DULTBS\System.dll + 2009-03-29 09:43:50 3,014,656 ------w c:\windows\assembly\temp\7A12JKK22C\System.Windows.Forms.dll + 2009-03-29 09:43:57 3,379,200 ------w c:\windows\assembly\temp\9W6ZJJABLL\mscorlib.dll + 2009-03-29 09:43:42 1,257,472 ------w c:\windows\assembly\temp\A819RRI00A\System.Web.dll + 2009-03-29 09:43:56 835,584 ------w c:\windows\assembly\temp\E0AUUVMMNE\System.Drawing.dll + 2009-03-29 09:43:53 2,088,960 ------w c:\windows\assembly\temp\UOW445MNEV\System.Xml.dll + 2009-03-29 09:43:43 1,224,704 ------w c:\windows\assembly\temp\XZ7QPNVHHP\System.dll - 2004-07-14 23:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2007-04-13 19:30:52 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll - 2004-07-14 23:49:22 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2007-04-13 19:30:52 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe - 2004-07-14 22:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll + 2007-04-13 18:57:52 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2003-02-20 18:09:14 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2007-04-13 18:57:58 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll - 2004-07-14 22:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2007-04-13 18:56:30 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll - 2004-07-14 22:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2007-04-13 18:58:00 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2004-07-15 12:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2007-04-13 18:50:46 2,142,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - 2003-02-20 18:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2007-04-13 18:58:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2004-07-14 22:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2007-04-13 18:57:00 2,523,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - 2004-07-14 22:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll + 2007-04-13 18:57:28 2,514,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2004-08-10 14:20:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe + 2007-01-15 14:11:26 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe + 2004-07-14 23:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_aspnet_isapi.dll + 2004-07-14 22:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_CORPerfMonExt.dll + 2004-07-14 22:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_fusion.dll + 2004-07-14 22:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_mscorjit.dll + 2004-07-15 12:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_mscorlib.dll + 2003-02-20 18:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_mscorsn.dll + 2004-07-14 22:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_mscorsvr.dll + 2004-07-14 22:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_mscorwks.dll + 2003-02-21 03:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_msvcr71.dll + 2004-07-14 22:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2896\_PerfCounter.dll - 2004-07-15 12:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2007-04-13 19:35:38 1,232,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2004-07-15 12:29:00 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2007-04-13 19:35:46 1,265,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2009-02-05 20:11:35 1,256,296 ----a-w c:\windows\system32\aswBoot.exe + 2009-02-05 20:04:45 97,480 ----a-w c:\windows\system32\AvastSS.scr + 2009-02-05 20:05:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys + 2009-02-05 20:07:12 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys + 2009-02-05 20:08:19 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys + 2009-02-05 20:08:10 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys + 2009-02-05 20:06:10 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys + 2009-02-05 20:07:23 114,768 ----a-w c:\windows\system32\drivers\aswSP.sys + 2009-02-05 20:06:20 51,376 ----a-w c:\windows\system32\drivers\aswTdi.sys + 2003-03-18 19:20:00 1,060,864 ----a-w c:\windows\system32\MFC71.dll - 2005-09-23 06:28:52 270,848 ----a-w c:\windows\system32\mscoree.dll + 2006-12-22 10:28:14 271,360 ----a-w c:\windows\system32\mscoree.dll + 2003-03-18 18:14:52 499,712 ----a-w c:\windows\system32\MSVCP71.dll + 2003-02-21 02:42:22 348,160 ----a-w c:\windows\system32\MSVCR71.dll - 2005-09-23 06:29:00 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll + 2006-12-22 11:02:36 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll + 2006-01-09 07:36:06 40,960 ----a-w c:\windows\system32\swsc.exe + 2009-03-31 16:03:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_268.dat + 2009-03-31 16:03:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_28c.dat + 2009-03-31 16:03:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b0.dat . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2008-12-02 319488] "Gainward"="c:\program files\EXPERTool ATI\TBPanel.exe" [2008-07-31 2296360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GEST"="=" [X] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 148888] "RTHDCPL"="RTHDCPL.EXE" [2008-05-07 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2008-12-02 319488] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-03-08 1134592] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-29 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-29 20560] R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-03-07 80392] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-03-07 22784] S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2009-03-08 14336] S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-03-08 17408] S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-02-18 30720] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83c73d3-0b2b-11de-b8cf-001fd0245681}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe cradle_of_filth.vbe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3A07AC76-FBDB-38F8-EE61-C147DBE0AAE9}] c:\program files\Bifrost\updat.exe s . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ FF - ProfilePath - c:\documents and settings\nono\Application Data\Mozilla\Firefox\Profiles\7ktf5l7r.default\ . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-31 18:15:02 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2009-03-31 18:15:38 ComboFix-quarantined-files.txt 2009-03-31 16:15:36 ComboFix2.txt 2009-03-29 16:32:33 Avant-CF: 210,424,176,640 octets libres Après-CF: 210,700,709,888 octets libres 360 --- E O F --- 2009-03-30 15:18:42
- le 31 mars 2009
- 10 réponses
On a Hack mon PC ! besoin d'aide svp

cashou a posté un sujet dans Analyses et éradication malwares

Bonsoir , hier j'étais partis mangé , j'ai laissé mon pc allumé quand je suis revenu la souris bougeait toute seul et le bloc note c'est ouvert et le hacker a écrit hacked by ... sous la peur j'ai éteint mon pc . J'ai maintenant peur pour mes informations confidentiels .. j'ai fais un combo.exe si quelqu'un pourrait me dire si il y a des choses louches dedans ca serait gentil merci (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\nono\Application Data\addon.dat c:\documents and settings\nono\Application Data\addons.dat c:\program files\Bifrost c:\program files\Bifrost\updat.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-29 )))))))))))))))))))))))))))))))))))) . 2009-03-29 14:17 . 2009-03-29 14:17 5,915 --a------ C:\fraglist.htm 2009-03-29 12:57 . 2009-03-29 12:57 754 --a------ c:\windows\WORDPAD.INI 2009-03-29 11:42 . 2008-04-14 14:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-03-28 21:52 . 2008-08-14 15:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-28 21:52 . 2008-08-14 15:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-28 21:52 . 2008-08-14 15:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-28 21:52 . 2008-08-14 15:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-28 21:52 . 2008-06-14 19:33 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-03-28 21:52 . 2008-06-14 19:33 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-03-28 21:51 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-03-28 21:32 . 2009-03-28 21:32 <REP> d-------- c:\program files\Spybot - Search & Destroy 2009-03-28 21:32 . 2009-03-28 21:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-28 21:26 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-28 21:26 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-28 21:26 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-28 19:32 . 2009-03-28 19:32 <REP> d-------- c:\program files\CDBurnerXP 2009-03-28 19:32 . 2009-03-28 19:32 <REP> d-------- c:\documents and settings\nono\Application Data\Canneverbe_Limited 2009-03-26 19:04 . 2009-03-26 19:04 <REP> d-------- c:\windows\Sun 2009-03-26 14:35 . 2009-03-26 14:36 <REP> d-------- c:\program files\Monitor Calibration Wizard 2009-03-26 14:35 . 2009-03-26 14:35 7 --a------ c:\windows\INI2=No 2009-03-26 14:35 . 2009-03-26 14:35 7 --a------ c:\windows\INI1=No 2009-03-24 19:51 . 2009-03-24 19:51 <REP> d-------- c:\documents and settings\nono\Application Data\ImgBurn 2009-03-23 19:50 . 2009-03-25 17:19 <REP> d-------- c:\program files\Java 2009-03-23 19:50 . 2009-03-23 19:50 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-23 19:50 . 2009-03-23 19:50 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-22 16:37 . 2009-03-22 16:37 <REP> d-------- c:\program files\EXPERTool ATI 2009-03-22 16:37 . 2002-07-27 19:01 5,306 --a------ c:\windows\system32\drivers\TBPanel.sys 2009-03-22 16:04 . 2009-03-22 16:04 <REP> d-------- c:\documents and settings\nono\Application Data\TeamViewer 2009-03-22 16:03 . 2009-03-22 16:03 <REP> d-------- c:\documents and settings\nono\temp 2009-03-20 15:24 . 2009-03-20 15:24 0 --a------ c:\windows\nsreg.dat 2009-03-17 21:17 . 2009-03-17 21:17 <REP> d-------- c:\program files\Fichiers communs\Adobe 2009-03-15 21:05 . 2009-03-15 21:05 <REP> d-------- c:\program files\Orange 2009-03-15 21:05 . 2009-03-29 11:41 <REP> d-------- c:\documents and settings\nono\Application Data\Media Player 2009-03-15 21:05 . 2005-01-28 09:53 5,525,504 --a------ c:\windows\system32\setb9.tmp 2009-03-15 21:04 . 2005-01-28 09:53 142,336 --a------ c:\windows\system32\setb3.tmp 2009-03-15 21:03 . 2009-03-15 21:03 <REP> d-------- c:\windows\system32\URTTEMP 2009-03-15 00:39 . 2009-03-15 00:39 4,096 --a------ c:\windows\system32\crash 2009-03-13 19:10 . 2009-03-13 19:10 76 --a------ C:\fraglist.luar 2009-03-13 18:36 . 2009-03-13 18:40 <REP> d-------- c:\windows\UltraDefrag 2009-03-13 00:59 . 2009-03-13 00:59 45 --a------ c:\windows\system32\initdebug.nfo 2009-03-13 00:55 . 2009-03-13 00:55 <REP> d-------- c:\program files\ATITool 2009-03-10 21:03 . 2008-12-21 00:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-03-10 21:03 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-03-10 21:03 . 2007-03-08 07:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-03-10 21:03 . 2008-12-21 00:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-03-10 21:03 . 2008-12-21 00:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-03-10 21:03 . 2008-12-21 00:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-03-10 21:03 . 2008-12-21 00:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-03-10 21:03 . 2008-12-21 00:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-03-10 21:03 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-03-08 14:21 . 2009-03-08 14:21 <REP> d-------- c:\program files\MadOnion.com 2009-03-08 03:02 . 2009-03-08 03:02 <REP> d-------- c:\program files\LG Soft India 2009-03-08 03:02 . 2009-03-08 03:02 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2009-03-08 03:02 . 2004-04-16 12:24 61,440 --a------ c:\windows\system32\ISUSPM.cpl 2009-03-08 03:02 . 2008-03-04 18:23 25,344 -ra------ c:\windows\system32\LGDispDrv.dll 2009-03-08 03:02 . 2008-03-04 18:23 2,944 -ra------ c:\windows\system32\LgExport.dll 2009-03-07 20:32 . 2009-03-07 20:32 <REP> d-------- c:\program files\Microsoft Sync Framework 2009-03-07 20:32 . 2009-03-29 13:15 <REP> d-------- c:\documents and settings\nono\Tracing 2009-03-07 20:31 . 2009-03-07 20:31 <REP> d-------- c:\program files\Windows Live SkyDrive 2009-03-07 20:31 . 2009-03-07 20:32 <REP> d-------- c:\program files\Windows Live 2009-03-07 20:31 . 2009-03-07 20:31 <REP> d-------- c:\program files\Microsoft 2009-03-07 20:28 . 2009-03-07 20:28 <REP> d-------- c:\program files\Fichiers communs\Windows Live 2009-03-07 19:59 . 2009-03-07 20:04 <REP> d-------- c:\documents and settings\nono\Application Data\Ventrilo 2009-03-07 18:37 . 2009-03-13 03:13 <REP> d-------- c:\documents and settings\nono\Application Data\DivX 2009-03-07 18:36 . 2009-03-07 18:36 <REP> d-------- c:\program files\DivX 2009-03-07 18:34 . 2009-03-07 18:37 <REP> d-------- c:\documents and settings\nono\Application Data\vlc 2009-03-07 18:34 . 2009-03-07 18:38 <REP> d-------- c:\documents and settings\nono\Application Data\dvdcss 2009-03-07 18:33 . 2009-03-07 18:33 <REP> d-------- c:\program files\VideoLAN . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-29 11:14 16,608 ----a-w c:\windows\gdrv.sys 2009-03-28 10:38 --------- d-----w c:\program files\Warhammer Online - Age of Reckoning 2009-03-08 12:21 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-08 12:13 --------- d-----w c:\program files\Google 2009-03-08 01:02 --------- d-----w c:\program files\Fichiers communs\InstallShield 2009-03-07 15:23 --------- d-----w c:\program files\Razer 2009-03-07 15:23 --------- d-----w c:\program files\DIFX 2009-03-07 15:21 --------- d-----w c:\documents and settings\nono\Application Data\ATI 2009-03-07 15:21 --------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-03-07 15:13 --------- d-----w c:\program files\ATI Technologies 2009-03-07 14:51 --------- d-----w c:\program files\Realtek 2009-03-07 14:51 --------- d-----w c:\documents and settings\nono\Application Data\InstallShield 2009-03-07 14:49 315,392 ----a-w c:\windows\HideWin.exe 2009-03-07 14:47 --------- d-----w c:\program files\Intel 2009-03-07 14:46 --------- d-----w c:\program files\GIGABYTE 2009-03-07 14:35 --------- d-----w c:\program files\microsoft frontpage 2009-03-07 14:34 --------- d-----w c:\program files\Services en ligne 2009-02-18 08:41 91,648 ----a-w c:\windows\system32\lua5.1a.dll 2009-02-18 08:41 9,728 ----a-w c:\windows\system32\lua5.1a.exe 2009-02-18 08:41 9,216 ----a-w c:\windows\system32\defrag_native.exe 2009-02-18 08:41 7,680 ----a-w c:\windows\system32\udefrag.exe 2009-02-18 08:41 6,656 ----a-w c:\windows\system32\udefrag-gui.exe 2009-02-18 08:41 6,656 ----a-w c:\windows\system32\bootexctrl.exe 2009-02-18 08:41 55,808 ----a-w c:\windows\system32\ultradefrag.exe 2009-02-18 08:41 30,720 ----a-w c:\windows\system32\drivers\ultradfg.sys 2009-02-18 08:41 18,944 ----a-w c:\windows\system32\zenwinx.dll 2009-02-18 08:41 13,824 ----a-w c:\windows\system32\lua5.1a_gui.exe 2009-02-18 08:41 10,240 ----a-w c:\windows\system32\udefrag.dll 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll 2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll 2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll 2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll 2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll 2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll 2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll 2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll 2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe 2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll 2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll 2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll 2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll 2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll 2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll 2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll 2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll 2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll 2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll 2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll 2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe . ------- Sigcheck ------- 2008-04-14 14:00 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe 2008-04-14 14:00 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\dllcache\svchost.exe 2008-04-14 14:00 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll 2008-04-14 14:00 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\dllcache\user32.dll 2008-04-14 14:00 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll 2008-04-14 14:00 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\dllcache\ws2_32.dll 2008-08-26 11:10 827904 4b0e70d44297877a313045bd059770e1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll 2008-12-21 01:47 827904 4e192082a5fce9ef19198a24cdea3442 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll 2008-04-14 14:00 670208 4a6e04ea20f48d750d9bfed8600d516b c:\windows\ie7\wininet.dll 2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB956390-IE7\wininet.dll 2008-08-26 10:11 826368 e30cacd98479b36a3dbfa3267bf62dd0 c:\windows\ie7updates\KB961260-IE7\wininet.dll 2008-12-21 00:47 826368 0551c946e305cee0a79ba744dc141bfc c:\windows\system32\wininet.dll 2008-12-21 00:47 826368 0551c946e305cee0a79ba744dc141bfc c:\windows\system32\dllcache\wininet.dll 2008-04-14 14:00 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe 2008-04-14 14:00 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\dllcache\winlogon.exe 2008-04-14 14:00 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys 2008-04-14 14:00 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys 2008-04-14 14:00 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\dllcache\ip6fw.sys 2008-04-14 14:00 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys 2008-04-14 14:00 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe 2008-04-14 14:00 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\system32\dllcache\explorer.exe 2008-04-14 14:00 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe 2008-04-14 14:00 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\dllcache\services.exe 2008-04-14 14:00 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe 2008-04-14 14:00 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\dllcache\lsass.exe 2008-04-14 14:00 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe 2008-04-14 14:00 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\dllcache\ctfmon.exe 2008-04-14 14:00 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe 2008-04-14 14:00 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\dllcache\spoolsv.exe 2008-04-14 14:00 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\userinit.exe 2008-04-14 14:00 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\system32\dllcache\userinit.exe 2008-04-14 14:00 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll 2008-04-14 14:00 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\dllcache\termsrv.dll 2008-04-14 14:00 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll 2008-04-14 14:00 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\dllcache\kernel32.dll 2008-04-14 14:00 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll 2008-04-14 14:00 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\dllcache\powrprof.dll 2008-04-14 14:00 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll 2008-04-14 14:00 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\dllcache\imm32.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2008-12-02 319488] "Gainward"="c:\program files\EXPERTool ATI\TBPanel.exe" [2008-07-31 2296360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GEST"="=" [X] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 69632] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 148888] "RTHDCPL"="RTHDCPL.EXE" [2008-05-07 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2008-12-02 319488] c:\documents and settings\All Users\Menu Dmarrer\Programmes\Dmarrage\ forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-03-08 1134592] àá¶¡ Ô¡.exe [2009-03-27 44957] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-03-07 80392] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-03-07 22784] S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2009-03-08 14336] S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-03-08 17408] S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-02-18 30720] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3A07AC76-FBDB-38F8-EE61-C147DBE0AAE9}] c:\program files\Bifrost\updat.exe s . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ FF - ProfilePath - c:\documents and settings\nono\Application Data\Mozilla\Firefox\Profiles\7ktf5l7r.default\ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-29 18:31:58 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... c:\program files\Internet Explorer\iexplore.exe [1516] 0x89F7CBE0 ? [6544] ? [14324] ? [12832] ? [13024] ? [8424] Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2009-03-29 18:32:32 ComboFix-quarantined-files.txt 2009-03-29 16:32:31 Avant-CF: 208 673 742 848 octets libres Après-CF: 210,963,869,696 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 263 --- E O F --- 2009-03-29 09:45:08
- le 29 mars 2009
- 10 réponses

Connexion

cashou

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par cashou

On a Hack mon PC ! besoin d'aide svp

On a Hack mon PC ! besoin d'aide svp

On a Hack mon PC ! besoin d'aide svp

On a Hack mon PC ! besoin d'aide svp

On a Hack mon PC ! besoin d'aide svp

Zebulon

Outils en ligne

Naviguer