oldwolf1984

Membres

Afficher le profil Afficher son activité

Compteur de contenus
90
Inscription
le 19 février 2010
Dernière visite
le 10 juin 2010

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par oldwolf1984

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

ok voici le rapport hijack et merci encore pour tout. :P Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:49:01, on 22/02/2010 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Steam\steam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maconfi...fig_4_0_2_0.cab O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe -- End of file - 4349 bytes
- le 22 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

t'inkiet pour l'heure, je suis un oiseau de nuit :P voici le rapport de mbam, il n'a rien trouvé...ça commence à sentir bon non ? par contre je viens de m'apercevoir qu'il y a des fichiers (appelés Trojan.Dropper) dans la quarantaine de mbam....bizarre non ? Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3772 Windows 5.1.2600 Service Pack 1 Internet Explorer 6.0.2800.1106 22/02/2010 02:37:13 mbam-log-2010-02-22 (02-37-13).txt Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Eléments examinés: 167564 Temps écoulé: 42 minute(s), 7 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
- le 22 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

je crois avoir fais ce que tu m'as dis. mais le log ne me dis pas que je ne suis plus infecté. Enfin je crois (mon anglais est pas top), pourtant mbr est bien sur le bureau et j'ai suivi tes conseils. Je te poste le dernier log de mbr mais je suis pas sur que la derniere manip que tu m'as demandé de faire ai changé qque chose... Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 0x012A18AC1 malicious code @ sector 0x012A18AC4 ! PE file found in sector at 0x012A18ADA !
- le 21 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

ok c'est fait. ça aduré une demi seconde j'ai presque pas eu le temps de voir le fenetre d'invite de commande. Voici le rapport : Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 0x012A18AC1 malicious code @ sector 0x012A18AC4 ! PE file found in sector at 0x012A18ADA !
- le 21 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

Voila, désolé pour le temps de réaction, ci-dessous le rapport de Gmer rootkit : GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-02-20 21:35:32 Windows 5.1.2600 Service Pack 1 Running: godu9luj.exe; Driver: C:\DOCUME~1\VICTOR~1\LOCALS~1\Temp\agtiypod.sys ---- System - GMER 1.0.15 ---- SSDT F8C5BF26 ZwCreateKey SSDT F8C5BF1C ZwCreateThread SSDT F8C5BF2B ZwDeleteKey SSDT F8C5BF35 ZwDeleteValueKey SSDT F8C5BF3A ZwLoadKey SSDT F8C5BF08 ZwOpenProcess SSDT F8C5BF0D ZwOpenThread SSDT F8C5BF44 ZwReplaceKey SSDT F8C5BF3F ZwRestoreKey SSDT F8C5BF30 ZwSetValueKey SSDT F8C5BF17 ZwTerminateProcess ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH) AttachedDevice \FileSystem\Fastfat \Fat avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH) ---- EOF - GMER 1.0.15 ----
- le 20 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

ahlalala qu'est ce que je ferais sans toi :P ??? j'attends tes précieux conseils avec impatience. et ma machine pareil
- le 20 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

ok j'ai fais ce que tu m'as dis, antiboot et eula s'etant directement decompressé sur le bureau je suis allé dans executer et j'y ai inscrit le texte de ta 2eme citation. L'ecran noir est apparu pendant 10 sec, avant qu'il ne me dise que le disque n'etait pas infecté puis m'a dis d'appuyer sur une touche pour continuer. est-ce normal que l'examen n'est duré que 10 sec maximum ? je poste le log (qui fait 3 lignes donc je pense vraiment ne pas l'avoir fait correctement :P : Log started.... Unpacking driver Starting up driver No Infected Disks found
- le 20 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

ok c'est fait je l'ai enregistré sur le bureau. maintenant comment dois je faire précisément pour décompresser le dossier .zip ? J'extrais simplement les 3 fichiers qui sont dedans ?
- le 20 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

bonjour falkra, j'espere que je vais pas te saouler toute la matinée comme hier. Bref, pour etre sur de pas faire de betises j'ai besoin d'une pettie précision concernant ce que tu m'as demandé de faire : Comment dois je faire pour n'enregistrer antibootzip que sur le bureau ? Lorsque je le telecharge j'ai 2 choix : l'ouvrir ou l'enregistrer mais sans choix de lieu d'enregistrement...
- le 20 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

et voici le log tant attendu : (et merci encore pour ton aide :P ) ComboFix 10-02-18.07 - victor giret 19/02/2010 12:05:32.3.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.1.1252.33.1036.18.511.296 [GMT 1:00] Lancé depuis: c:\documents and settings\victor giret\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\victor giret\Bureau\CFscript.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: "C:\kat9s1.dll" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\kat9s1.dll . original MBR restored successfully ! . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-19 au 2010-02-19 )))))))))))))))))))))))))))))))))))) . 2010-02-19 09:01 . 2008-04-13 17:34 13824 ----a-w- c:\windows\system32\wscntfy.exe 2010-02-19 09:01 . 2008-04-13 17:33 129024 ----a-w- c:\windows\system32\xmlprov.dll 2010-02-19 07:27 . 2007-09-14 13:57 307200 ----a-r- c:\windows\system32\atiiiexx.dll 2010-02-19 07:27 . 2007-09-14 13:34 972072 ----a-r- c:\windows\system32\ativva6x.dat 2010-02-19 07:27 . 2007-09-14 13:34 3107788 ----a-r- c:\windows\system32\ativva5x.dat 2010-02-19 07:27 . 2007-09-14 13:34 3107788 ----a-r- c:\windows\system32\ativvaxx.dat 2010-02-19 07:27 . 2007-08-14 09:11 156671 ----a-r- c:\windows\system32\atiicdxx.dat 2010-02-19 07:26 . 2010-02-19 07:32 -------- d-----w- c:\windows\LastGood 2010-02-19 06:49 . 2010-02-19 06:49 0 ----a-w- c:\windows\nsreg.dat 2010-02-19 06:49 . 2010-02-19 06:49 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\Mozilla 2010-02-18 07:32 . 2010-02-18 07:32 -------- d-----w- c:\windows\Sun 2010-02-18 06:54 . 2010-02-18 06:54 -------- d-----w- C:\Mes Pilotes 2010-02-18 06:50 . 2010-02-18 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\inf 2010-02-18 06:50 . 2010-02-18 06:50 -------- d-----w- c:\program files\My Drivers 2010-02-18 06:38 . 2010-02-19 07:54 -------- d-----w- c:\program files\ATI 2010-02-18 06:37 . 2010-02-18 06:37 -------- d-----w- C:\ATI 2010-02-18 06:24 . 2010-02-18 06:24 -------- d-----w- c:\program files\ma-config.com 2010-02-18 06:24 . 2010-02-18 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-02-18 03:43 . 2010-02-18 03:43 -------- d--h--w- c:\documents and settings\victor giret\InstallAnywhere 2010-02-18 03:39 . 2010-02-18 03:42 -------- d-----w- c:\documents and settings\victor giret\Application Data\Sports Interactive 2010-02-18 02:23 . 2010-02-18 02:23 -------- d-----w- C:\rsit 2010-02-18 02:06 . 2010-02-18 02:06 -------- d-----w- c:\program files\Trend Micro 2010-02-18 01:53 . 2010-02-18 01:53 -------- d-----w- c:\documents and settings\victor giret\Application Data\IObit 2010-02-18 00:55 . 2010-02-18 00:55 9158 ----a-r- c:\documents and settings\victor giret\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe 2010-02-18 00:54 . 2002-12-11 23:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe 2010-02-18 00:54 . 2002-08-29 02:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll 2010-02-18 00:54 . 2004-07-09 03:27 381952 -c--a-w- c:\windows\system32\dllcache\dsound.dll 2010-02-18 00:54 . 2004-07-09 03:27 292864 -c--a-w- c:\windows\system32\dllcache\ddraw.dll 2010-02-18 00:54 . 2004-07-09 03:27 230400 -c--a-w- c:\windows\system32\dllcache\dplayx.dll 2010-02-18 00:51 . 2007-09-14 14:06 356352 ----a-w- c:\windows\system32\ATIDEMGX.dll 2010-02-18 00:44 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-18 00:44 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-02-18 00:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\program files\Avira 2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-02-18 00:41 . 2010-02-18 00:41 12328 ----a-w- c:\documents and settings\victor giret\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\Conduit 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\IObitCom 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\ATI 2010-02-18 00:40 . 2009-12-27 23:26 -------- d--h--w- c:\documents and settings\victor giret\Modèles 2010-02-18 00:40 . 2009-12-27 22:29 -------- d--h--w- c:\documents and settings\victor giret\Voisinage réseau 2010-02-18 00:40 . 2009-12-27 22:29 -------- d--h--w- c:\documents and settings\victor giret\Voisinage d'impression 2010-02-18 00:40 . 2009-12-27 22:29 -------- d-----r- c:\documents and settings\victor giret\Menu Démarrer 2010-02-18 00:32 . 2010-02-18 00:55 -------- d-----w- c:\windows\LastGood.Tmp 2010-02-18 00:23 . 2002-08-30 12:00 5120 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll 2010-02-18 00:22 . 2002-08-30 12:00 99328 -c--a-w- c:\windows\system32\dllcache\imekrcic.dll 2010-02-18 00:20 . 2002-08-30 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wabimp.dll 2010-02-18 00:19 . 2002-08-30 12:00 9728 -c--a-w- c:\windows\system32\dllcache\xolehlp.dll 2010-02-18 00:12 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys 2010-02-18 00:10 . 2002-08-30 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2010-02-18 00:10 . 2002-08-30 12:00 13312 ----a-w- c:\windows\system32\irclass.dll 2010-02-18 00:10 . 2002-08-30 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2010-02-18 00:10 . 2002-08-30 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2010-02-16 23:50 . 2010-02-16 23:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-16 16:47 . 2010-02-16 16:47 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe 2010-02-16 16:47 . 2010-02-16 16:47 119808 ----a-w- c:\windows\system32\winmine.exe 2010-02-05 17:25 . 2010-02-05 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-01-23 04:27 . 2009-10-06 17:32 327168 ----a-w- c:\windows\system32\cutil32.dll 2010-01-23 04:27 . 2009-08-03 19:25 285696 ----a-w- c:\windows\system32\cudart.dll 2010-01-23 04:27 . 2010-01-23 04:27 -------- d-----w- c:\program files\CPUID 2010-01-23 04:23 . 2010-01-23 04:23 -------- d-----w- c:\program files\ESET 2010-01-23 04:10 . 2010-02-13 13:28 -------- d-----w- c:\documents and settings\vic\Local Settings\Application Data\IObitCom 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\program files\Conduit 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\documents and settings\vic\Local Settings\Application Data\Conduit 2010-01-23 04:10 . 2010-02-13 12:53 -------- d-----w- c:\program files\IObitCom 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\documents and settings\vic\Application Data\IObit 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\program files\IObit 2010-01-23 04:10 . 2009-11-04 15:49 635664 ----a-w- c:\documents and settings\vic\Application Data\IObit\Common\TB_Helper.exe 2010-01-23 03:14 . 2010-01-23 03:14 -------- d-----w- c:\windows\system32\bits 2010-01-23 03:11 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe 2010-01-23 03:11 . 2010-01-23 03:26 -------- d--h--w- c:\windows\$hf_mig$ 2010-01-23 02:58 . 2010-01-23 02:58 -------- d-----w- c:\program files\Windows Live Safety Center 2010-01-23 02:24 . 2010-01-23 02:30 -------- d-----w- c:\program files\inKline Global 2010-01-21 22:36 . 2006-08-01 14:02 49152 ----a-w- c:\windows\system32\ChCfg.exe 2010-01-21 22:36 . 2008-09-24 09:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys 2010-01-21 22:36 . 2010-01-21 22:36 -------- d-----w- c:\program files\Realtek AC97 2010-01-21 22:36 . 2006-12-08 14:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe 2010-01-21 22:36 . 2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe 2010-01-21 22:36 . 2006-10-18 01:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll 2010-01-21 22:36 . 2006-07-31 10:27 217088 ----a-w- c:\windows\Alcrmv.exe 2010-01-21 22:36 . 2006-07-31 10:19 315392 ----a-w- c:\windows\alcupd.exe 2010-01-21 22:20 . 2004-07-01 22:08 7680 ----a-w- c:\windows\system32\bitsprx2.dll 2010-01-21 22:20 . 2004-07-01 22:08 7168 ----a-w- c:\windows\system32\bitsprx3.dll 2010-01-21 22:16 . 2009-08-06 18:24 327896 ----a-w- c:\windows\system32\wucltui.dll 2010-01-21 22:16 . 2009-08-06 18:24 209632 ----a-w- c:\windows\system32\wuweb.dll 2010-01-21 22:16 . 2009-08-06 18:24 35552 ----a-w- c:\windows\system32\wups.dll 2010-01-21 22:16 . 2009-08-06 18:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2010-01-21 22:16 . 2004-08-03 13:00 187160 ----a-w- c:\windows\system32\wuaueng1.dll 2010-01-21 22:16 . 2004-08-03 12:59 170776 ----a-w- c:\windows\system32\wuauclt1.exe 2010-01-21 21:57 . 2010-01-21 21:57 -------- d-----w- c:\documents and settings\vic\Application Data\Uniblue 2010-01-21 15:55 . 2010-01-21 15:55 -------- d-----w- c:\program files\Lavalys 2010-01-21 15:01 . 2010-01-21 15:01 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-21 15:01 . 2010-01-21 15:01 -------- d-----w- c:\program files\Java 2010-01-21 15:01 . 2010-01-21 15:01 152576 ----a-w- c:\documents and settings\vic\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2010-01-21 15:00 . 2010-01-21 15:01 -------- d-----w- c:\program files\LimeWire 2010-01-21 03:03 . 2010-02-19 09:58 -------- d-----w- c:\program files\Webtarot . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-19 08:00 . 2009-12-28 18:23 -------- d-----w- c:\program files\Steam 2010-02-19 06:44 . 2002-08-30 12:00 71248 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-19 06:44 . 2002-08-30 12:00 458230 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Application Data\ATI 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\RPJJJDB1.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\3LJFHVZZ.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\OGGIBJ13.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\MR5RPRBR.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\8ZLF9JTJ.DAT 2010-02-18 00:20 . 2009-12-27 23:26 23660 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-18 00:01 . 2010-01-21 15:02 -------- d-----w- c:\documents and settings\vic\Application Data\LimeWire 2010-02-16 23:15 . 2009-12-28 00:18 -------- d-----w- c:\program files\Alwil Software 2010-02-16 16:40 . 2009-12-30 01:43 -------- d-----w- c:\program files\a-squared Free 2010-01-23 02:52 . 2009-12-28 03:17 -------- d-----w- c:\documents and settings\vic\Application Data\vlc 2010-01-23 02:40 . 2009-12-27 23:26 -------- d-----w- c:\program files\Services en ligne 2010-01-23 02:32 . 2009-12-30 01:32 -------- d-----w- c:\program files\Glary Utilities 2010-01-23 02:30 . 2009-12-28 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-21 22:42 . 2009-12-30 01:33 -------- d-----w- c:\documents and settings\vic\Application Data\GlarySoft 2009-12-28 19:52 . 2009-12-28 19:49 -------- d-----w- c:\program files\Microsoft DirectX SDK (November 2008) 2009-12-28 19:48 . 2009-12-28 19:48 119120 ----a-w- c:\windows\dxsdkuninst.exe 2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\vic\Application Data\Sports Interactive 2009-12-28 18:38 . 2009-12-28 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive 2009-12-28 18:23 . 2009-12-28 18:22 -------- d--h--w- c:\program files\Zero G Registry 2009-12-28 18:22 . 2009-12-28 18:22 -------- d-----w- c:\program files\Sports Interactive 2009-12-28 18:19 . 2009-12-28 18:19 12328 ----a-w- c:\documents and settings\vic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-28 18:18 . 2009-12-28 18:18 -------- d-----w- c:\documents and settings\vic\Application Data\ATI 2009-12-28 18:18 . 2009-12-28 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2009-12-28 18:18 . 2009-12-28 18:18 0 ----a-w- c:\windows\ativpsrm.bin 2009-12-28 18:15 . 2009-12-28 18:07 -------- d-----w- c:\program files\ATI Technologies 2009-12-28 18:13 . 2009-12-28 18:06 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2009-12-28 18:12 . 2009-12-28 18:12 9158 ----a-r- c:\documents and settings\vic\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe 2009-12-28 18:12 . 2009-12-28 18:12 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies 2009-12-28 03:31 . 2009-12-28 03:30 -------- d-----w- c:\documents and settings\vic\Application Data\dvdcss 2009-12-28 03:16 . 2009-12-28 03:16 -------- d-----w- c:\program files\VideoLAN 2009-12-27 23:29 . 2009-12-27 23:29 -------- d-----w- c:\program files\microsoft frontpage 2009-12-27 23:29 . 2009-12-27 23:29 558142 ----a-w- c:\windows\java\Packages\NJJFDFZF.ZIP 2009-12-27 23:29 . 2009-12-27 23:29 155995 ----a-w- c:\windows\java\Packages\Y0O1Z9VR.ZIP 2009-12-27 23:28 . 2009-12-27 23:28 70691 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat . ------- Sigcheck ------- [-] 2008-04-13 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\qmgr.dll [-] 2004-07-01 . C3F35AA3E4E791EA8425B5DBAE01E283 . 360960 . . [6.6.2600.1569] . . c:\windows\system32\bits\qmgr.dll [7] 2002-08-30 . E1BDBEC55DF596AC4DC9FDCF6CB12832 . 223232 . . [6.2.2600.1106] . . c:\windows\ERDNT\cache\qmgr.dll [-] 2008-04-13 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wscntfy.exe [-] 2008-04-13 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\xmlprov.dll . ((((((((((((((((((((((((((((( SnapShot_2010-02-19_09.06.51 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-19 11:10 . 2010-02-19 11:10 16384 c:\windows\Temp\Perflib_Perfdata_768.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] 2010-02-13 12:53 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-13 2349080] [HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-13 2349080] [HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-21 149280] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-30 13312] c:\documents and settings\vic\Menu D‚marrer\Programmes\D‚marrage\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "2479:TCP"= 2479:TCP:Services "5288:TCP"= 5288:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "3522:TCP"= 3522:TCP:Services "7599:TCP"= 7599:TCP:Services "6833:TCP"= 6833:TCP:Services R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [18/02/2010 01:44 22360] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [18/02/2010 01:44 45416] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [30/12/2009 02:43 1858144] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/02/2010 01:44 108289] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056] . Contenu du dossier 'Tâches planifiées' 2010-02-18 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-12-30 22:01] . . ------- Examen supplémentaire ------- . IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\victor giret\Application Data\Mozilla\Firefox\Profiles\95s69elm.default\ FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-19 12:10 Windows 5.1.2600 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(688) c:\windows\System32\ODBC32.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(744) c:\windows\System32\dssenh.dll - - - - - - - > 'explorer.exe'(4008) c:\windows\System32\msi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\windows\SOUNDMAN.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Heure de fin: 2010-02-19 12:13:47 - La machine a redémarré ComboFix-quarantined-files.txt 2010-02-19 11:13 ComboFix2.txt 2010-02-19 09:10 ComboFix3.txt 2010-02-19 06:44 Avant-CF: 69 864 574 976 octets libres Après-CF: 69 841 985 536 octets libres - - End Of File - - 8D80BF3D1E23213E58A5301193E440D9
- le 19 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

j'ai fais tout ce que tu m'as dis, sans incidents notables. Voici le rapport : Fichier kat9s1.dll reçu le 2010.02.19 10:25:04 (UTC) Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.50 2010.02.19 Trojan-Downloader.Win32.Mebroot!IK AhnLab-V3 5.0.0.2 2010.02.19 - AntiVir 8.2.1.170 2010.02.19 - Antiy-AVL 2.0.3.7 2010.02.19 - Authentium 5.2.0.5 2010.02.19 - Avast 4.8.1351.0 2010.02.19 - AVG 9.0.0.730 2010.02.19 - BitDefender 7.2 2010.02.19 - CAT-QuickHeal 10.00 2010.02.19 - ClamAV 0.96.0.0-git 2010.02.19 - Comodo 3990 2010.02.19 Heur.Packed.Unknown DrWeb 5.0.1.12222 2010.02.19 - eSafe 7.0.17.0 2010.02.18 - eTrust-Vet 35.2.7313 2010.02.19 - F-Prot 4.5.1.85 2010.02.18 - F-Secure 9.0.15370.0 2010.02.19 - Fortinet 4.0.14.0 2010.02.18 - GData 19 2010.02.19 - Ikarus T3.1.1.80.0 2010.02.19 Trojan-Downloader.Win32.Mebroot Jiangmin 13.0.900 2010.02.19 - K7AntiVirus 7.10.977 2010.02.18 - Kaspersky 7.0.0.125 2010.02.17 - McAfee 5896 2010.02.18 - McAfee+Artemis 5896 2010.02.18 - McAfee-GW-Edition 6.8.5 2010.02.19 - Microsoft 1.5406 2010.02.18 - NOD32 4879 2010.02.19 a variant of Win32/TrojanDownloader.Mebload.W Norman 6.04.08 2010.02.18 - nProtect 2009.1.8.0 2010.02.19 - Panda 10.0.2.2 2010.02.19 - PCTools 7.0.3.5 2010.02.19 - Prevx 3.0 2010.02.19 Medium Risk Malware Rising 22.34.01.03 2010.02.11 - Sophos 4.50.0 2010.02.19 - Sunbelt 5686 2010.02.19 - Symantec 20091.2.0.41 2010.02.19 Suspicious.Insight TheHacker 6.5.1.5.201 2010.02.19 - TrendMicro 9.120.0.1004 2010.02.19 - VBA32 3.12.12.2 2010.02.18 Malware-Cryptor.Win32.Kefir ViRobot 2010.2.19.2193 2010.02.19 - VirusBuster 5.0.27.0 2010.02.18 - Information additionnelle File size: 45568 bytes MD5...: 9a0fec655533213b6464224a7bc4fc67 SHA1..: e5c8bbbe49803b6dd39597fbf4974d225148a89f SHA256: 316beb6f994849b7b53212b7eb3656c30c45a0f3c37a39b067cef49fe8e69732 ssdeep: 768:N7uDtDaaFq9Q8r2GsIC9YKc7cImFrN+W/L3xYarIt++68DGs4tW75qzc:NaD tDNkfYII02F3D3xe68CD65z PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x2d53 timedatestamp.....: 0x47041b7c (Wed Oct 03 22:45:16 2007) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x55ae 0x5600 6.50 c3140c15834d4bf9aeace52f6320c8bf .rdata 0x7000 0x6ae 0x800 4.18 6259caecc0c00bf954c23f8ed5a96499 .data 0x8000 0x463c 0x4600 7.06 6d9749d7b41c7f6fff77f26cdbd8a03f idata 0xd000 0x1 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b .rsrc 0xe000 0x300 0x400 2.52 24c6b77c249bae16fc959ad567e47862 .reloc 0xf000 0x2a0 0x400 3.67 7b0e95f1137cd521f8b11727ec82e2b3 ( 8 imports ) > SHLWAPI.dll: SHDeleteKeyW, SHEnumKeyExW, SHCopyKeyW, SHDeleteEmptyKeyW, HashData > KERNEL32.dll: SetCurrentDirectoryA, lstrcmpW, Beep, CompareStringA, OpenEventA, CreateNamedPipeA, DeleteAtom, DeleteFileA, DisconnectNamedPipe, DuplicateHandle, GetConsoleCP, GetExitCodeProcess, GetExitCodeThread, GetMailslotInfo, GetModuleHandleA, GetProcessHeap, GetCurrentProcessId, GlobalAlloc, IsValidCodePage, IsValidLocale, ResetEvent, SetFilePointer, GetStartupInfoA, GetComputerNameA, GetFileType, CancelIo, CallNamedPipeA, GetFileAttributesA, lstrcmpA, lstrlenA, GetDriveTypeW, GetDriveTypeA, GetWindowsDirectoryW, GetSystemDirectoryW, GetComputerNameW, GetCurrentDirectoryW, BackupSeek > ole32.dll: OleRun > USER32.dll: ReleaseDC > ADVAPI32.dll: GetUserNameA, RegLoadKeyA > msvcrt.dll: malloc, free, toupper > VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA > WINMM.dll: DrvGetModuleHandle, timeGetDevCaps, CloseDriver, OpenDriver ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - sigcheck: publisher....: n/a copyright....: Copyright © 2008 product......: version Application description..: version Application original name: ver.exe internal name: version file version.: 1, 0, 0, 1 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned trid..: Win32 Executable Generic (58.4%) Clipper DOS Executable (13.8%) Generic Win/DOS Executable (13.7%) DOS Executable Generic (13.7%) VXD Driver (0.2%) <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=2C49EF0400C83E58B2D500D7B5099700CCA34CFC''>http://info.prevx.com/aboutprogramtext.asp?PX5=2C49EF0400C83E58B2D500D7B5099700CCA34CFC' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=2C49EF0400C83E58B2D500D7B5099700CCA34CFC</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=2C49EF0400C83E58B2D500D7B5099700CCA34CFC</a> Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.50 2010.02.19 Trojan-Downloader.Win32.Mebroot!IK AhnLab-V3 5.0.0.2 2010.02.19 - AntiVir 8.2.1.170 2010.02.19 - Antiy-AVL 2.0.3.7 2010.02.19 - Authentium 5.2.0.5 2010.02.19 - Avast 4.8.1351.0 2010.02.19 - AVG 9.0.0.730 2010.02.19 - BitDefender 7.2 2010.02.19 - CAT-QuickHeal 10.00 2010.02.19 - ClamAV 0.96.0.0-git 2010.02.19 - Comodo 3990 2010.02.19 Heur.Packed.Unknown DrWeb 5.0.1.12222 2010.02.19 - eSafe 7.0.17.0 2010.02.18 - eTrust-Vet 35.2.7313 2010.02.19 - F-Prot 4.5.1.85 2010.02.18 - F-Secure 9.0.15370.0 2010.02.19 - Fortinet 4.0.14.0 2010.02.18 - GData 19 2010.02.19 - Ikarus T3.1.1.80.0 2010.02.19 Trojan-Downloader.Win32.Mebroot Jiangmin 13.0.900 2010.02.19 - K7AntiVirus 7.10.977 2010.02.18 - Kaspersky 7.0.0.125 2010.02.17 - McAfee 5896 2010.02.18 - McAfee+Artemis 5896 2010.02.18 - McAfee-GW-Edition 6.8.5 2010.02.19 - Microsoft 1.5406 2010.02.18 - NOD32 4879 2010.02.19 a variant of Win32/TrojanDownloader.Mebload.W Norman 6.04.08 2010.02.18 - nProtect 2009.1.8.0 2010.02.19 - Panda 10.0.2.2 2010.02.19 - PCTools 7.0.3.5 2010.02.19 - Prevx 3.0 2010.02.19 Medium Risk Malware Rising 22.34.01.03 2010.02.11 - Sophos 4.50.0 2010.02.19 - Sunbelt 5686 2010.02.19 - Symantec 20091.2.0.41 2010.02.19 Suspicious.Insight TheHacker 6.5.1.5.201 2010.02.19 - TrendMicro 9.120.0.1004 2010.02.19 - VBA32 3.12.12.2 2010.02.18 Malware-Cryptor.Win32.Kefir ViRobot 2010.2.19.2193 2010.02.19 - VirusBuster 5.0.27.0 2010.02.18 - Information additionnelle File size: 45568 bytes MD5...: 9a0fec655533213b6464224a7bc4fc67 SHA1..: e5c8bbbe49803b6dd39597fbf4974d225148a89f SHA256: 316beb6f994849b7b53212b7eb3656c30c45a0f3c37a39b067cef49fe8e69732 ssdeep: 768:N7uDtDaaFq9Q8r2GsIC9YKc7cImFrN+W/L3xYarIt++68DGs4tW75qzc:NaD tDNkfYII02F3D3xe68CD65z PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x2d53 timedatestamp.....: 0x47041b7c (Wed Oct 03 22:45:16 2007) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x55ae 0x5600 6.50 c3140c15834d4bf9aeace52f6320c8bf .rdata 0x7000 0x6ae 0x800 4.18 6259caecc0c00bf954c23f8ed5a96499 .data 0x8000 0x463c 0x4600 7.06 6d9749d7b41c7f6fff77f26cdbd8a03f idata 0xd000 0x1 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b .rsrc 0xe000 0x300 0x400 2.52 24c6b77c249bae16fc959ad567e47862 .reloc 0xf000 0x2a0 0x400 3.67 7b0e95f1137cd521f8b11727ec82e2b3 ( 8 imports ) > SHLWAPI.dll: SHDeleteKeyW, SHEnumKeyExW, SHCopyKeyW, SHDeleteEmptyKeyW, HashData > KERNEL32.dll: SetCurrentDirectoryA, lstrcmpW, Beep, CompareStringA, OpenEventA, CreateNamedPipeA, DeleteAtom, DeleteFileA, DisconnectNamedPipe, DuplicateHandle, GetConsoleCP, GetExitCodeProcess, GetExitCodeThread, GetMailslotInfo, GetModuleHandleA, GetProcessHeap, GetCurrentProcessId, GlobalAlloc, IsValidCodePage, IsValidLocale, ResetEvent, SetFilePointer, GetStartupInfoA, GetComputerNameA, GetFileType, CancelIo, CallNamedPipeA, GetFileAttributesA, lstrcmpA, lstrlenA, GetDriveTypeW, GetDriveTypeA, GetWindowsDirectoryW, GetSystemDirectoryW, GetComputerNameW, GetCurrentDirectoryW, BackupSeek > ole32.dll: OleRun > USER32.dll: ReleaseDC > ADVAPI32.dll: GetUserNameA, RegLoadKeyA > msvcrt.dll: malloc, free, toupper > VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA > WINMM.dll: DrvGetModuleHandle, timeGetDevCaps, CloseDriver, OpenDriver ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - sigcheck: publisher....: n/a copyright....: Copyright © 2008 product......: version Application description..: version Application original name: ver.exe internal name: version file version.: 1, 0, 0, 1 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned trid..: Win32 Executable Generic (58.4%) Clipper DOS Executable (13.8%) Generic Win/DOS Executable (13.7%) DOS Executable Generic (13.7%) VXD Driver (0.2%) <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=2C49EF0400C83E58B2D500D7B5099700CCA34CFC' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=2C49EF0400C83E58B2D500D7B5099700CCA34CFC</a>
- le 19 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

voila, j'ai fais comme tu m'a dis, extrait les trois fichiers vers C:/ ensuite j'ai suivi le reste de ton protocole, ci-dessous le nouveau log de combofix, à noter que pendant son scan, la boite de dialogue de windows dont je te parlais tout à l'heure est réapparut (des nvx fichiers ont ete installés, pour la stabilité du systeme vous devez inserer le cd windows xp blablabla) comme ça n'a pas eu l'air de perturber combofix, je n'ai rien touché et la boite de dialogue a disparut lorsque combofix a fait redémarrer l'ordi. le log de combofix : ComboFix 10-02-18.07 - victor giret 19/02/2010 10:01:27.2.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.1.1252.33.1036.18.511.297 [GMT 1:00] Lancé depuis: c:\documents and settings\victor giret\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\victor giret\Bureau\CFscript.txt AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . original MBR restored successfully ! . --------------- FMove --------------- c:\wscntfy.exe --> c:\windows\system32\wscntfy.exe c:\xmlprov.dll --> c:\windows\system32\xmlprov.dll c:\qmgr.dll --> c:\windows\system32\qmgr.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-19 au 2010-02-19 )))))))))))))))))))))))))))))))))))) . 2010-02-19 09:01 . 2008-04-13 17:34 13824 ----a-w- c:\windows\system32\wscntfy.exe 2010-02-19 09:01 . 2008-04-13 17:33 129024 ----a-w- c:\windows\system32\xmlprov.dll 2010-02-19 07:27 . 2007-09-14 13:57 307200 ----a-r- c:\windows\system32\atiiiexx.dll 2010-02-19 07:27 . 2007-09-14 13:34 972072 ----a-r- c:\windows\system32\ativva6x.dat 2010-02-19 07:27 . 2007-09-14 13:34 3107788 ----a-r- c:\windows\system32\ativva5x.dat 2010-02-19 07:27 . 2007-09-14 13:34 3107788 ----a-r- c:\windows\system32\ativvaxx.dat 2010-02-19 07:27 . 2007-08-14 09:11 156671 ----a-r- c:\windows\system32\atiicdxx.dat 2010-02-19 07:26 . 2010-02-19 07:32 -------- d-----w- c:\windows\LastGood 2010-02-19 06:49 . 2010-02-19 06:49 0 ----a-w- c:\windows\nsreg.dat 2010-02-19 06:49 . 2010-02-19 06:49 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\Mozilla 2010-02-18 07:32 . 2010-02-18 07:32 -------- d-----w- c:\windows\Sun 2010-02-18 07:32 . 2010-02-18 07:32 45568 ----a-w- C:\kat9s1.dll 2010-02-18 06:54 . 2010-02-18 06:54 -------- d-----w- C:\Mes Pilotes 2010-02-18 06:50 . 2010-02-18 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\inf 2010-02-18 06:50 . 2010-02-18 06:50 -------- d-----w- c:\program files\My Drivers 2010-02-18 06:38 . 2010-02-19 07:54 -------- d-----w- c:\program files\ATI 2010-02-18 06:37 . 2010-02-18 06:37 -------- d-----w- C:\ATI 2010-02-18 06:24 . 2010-02-18 06:24 -------- d-----w- c:\program files\ma-config.com 2010-02-18 06:24 . 2010-02-18 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-02-18 03:43 . 2010-02-18 03:43 -------- d--h--w- c:\documents and settings\victor giret\InstallAnywhere 2010-02-18 03:39 . 2010-02-18 03:42 -------- d-----w- c:\documents and settings\victor giret\Application Data\Sports Interactive 2010-02-18 02:23 . 2010-02-18 02:23 -------- d-----w- C:\rsit 2010-02-18 02:06 . 2010-02-18 02:06 -------- d-----w- c:\program files\Trend Micro 2010-02-18 01:53 . 2010-02-18 01:53 -------- d-----w- c:\documents and settings\victor giret\Application Data\IObit 2010-02-18 00:55 . 2010-02-18 00:55 9158 ----a-r- c:\documents and settings\victor giret\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe 2010-02-18 00:54 . 2002-12-11 23:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe 2010-02-18 00:54 . 2002-08-29 02:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll 2010-02-18 00:54 . 2004-07-09 03:27 381952 -c--a-w- c:\windows\system32\dllcache\dsound.dll 2010-02-18 00:54 . 2004-07-09 03:27 292864 -c--a-w- c:\windows\system32\dllcache\ddraw.dll 2010-02-18 00:54 . 2004-07-09 03:27 230400 -c--a-w- c:\windows\system32\dllcache\dplayx.dll 2010-02-18 00:51 . 2007-09-14 14:06 356352 ----a-w- c:\windows\system32\ATIDEMGX.dll 2010-02-18 00:44 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-18 00:44 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-02-18 00:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\program files\Avira 2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-02-18 00:41 . 2010-02-18 00:41 12328 ----a-w- c:\documents and settings\victor giret\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\Conduit 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\IObitCom 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\ATI 2010-02-18 00:40 . 2009-12-27 23:26 -------- d--h--w- c:\documents and settings\victor giret\Modèles 2010-02-18 00:40 . 2009-12-27 22:29 -------- d--h--w- c:\documents and settings\victor giret\Voisinage réseau 2010-02-18 00:40 . 2009-12-27 22:29 -------- d--h--w- c:\documents and settings\victor giret\Voisinage d'impression 2010-02-18 00:40 . 2009-12-27 22:29 -------- d-----r- c:\documents and settings\victor giret\Menu Démarrer 2010-02-18 00:32 . 2010-02-18 00:55 -------- d-----w- c:\windows\LastGood.Tmp 2010-02-18 00:23 . 2002-08-30 12:00 5120 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll 2010-02-18 00:22 . 2002-08-30 12:00 99328 -c--a-w- c:\windows\system32\dllcache\imekrcic.dll 2010-02-18 00:20 . 2002-08-30 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wabimp.dll 2010-02-18 00:19 . 2002-08-30 12:00 9728 -c--a-w- c:\windows\system32\dllcache\xolehlp.dll 2010-02-18 00:12 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys 2010-02-18 00:10 . 2002-08-30 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2010-02-18 00:10 . 2002-08-30 12:00 13312 ----a-w- c:\windows\system32\irclass.dll 2010-02-18 00:10 . 2002-08-30 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2010-02-18 00:10 . 2002-08-30 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2010-02-16 23:50 . 2010-02-16 23:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-16 16:47 . 2010-02-16 16:47 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe 2010-02-16 16:47 . 2010-02-16 16:47 119808 ----a-w- c:\windows\system32\winmine.exe 2010-02-05 17:25 . 2010-02-05 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-01-23 04:27 . 2009-10-06 17:32 327168 ----a-w- c:\windows\system32\cutil32.dll 2010-01-23 04:27 . 2009-08-03 19:25 285696 ----a-w- c:\windows\system32\cudart.dll 2010-01-23 04:27 . 2010-01-23 04:27 -------- d-----w- c:\program files\CPUID 2010-01-23 04:23 . 2010-01-23 04:23 -------- d-----w- c:\program files\ESET 2010-01-23 04:10 . 2010-02-13 13:28 -------- d-----w- c:\documents and settings\vic\Local Settings\Application Data\IObitCom 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\program files\Conduit 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\documents and settings\vic\Local Settings\Application Data\Conduit 2010-01-23 04:10 . 2010-02-13 12:53 -------- d-----w- c:\program files\IObitCom 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\documents and settings\vic\Application Data\IObit 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\program files\IObit 2010-01-23 04:10 . 2009-11-04 15:49 635664 ----a-w- c:\documents and settings\vic\Application Data\IObit\Common\TB_Helper.exe 2010-01-23 03:14 . 2010-01-23 03:14 -------- d-----w- c:\windows\system32\bits 2010-01-23 03:11 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe 2010-01-23 03:11 . 2010-01-23 03:26 -------- d--h--w- c:\windows\$hf_mig$ 2010-01-23 02:58 . 2010-01-23 02:58 -------- d-----w- c:\program files\Windows Live Safety Center 2010-01-23 02:24 . 2010-01-23 02:30 -------- d-----w- c:\program files\inKline Global 2010-01-21 22:36 . 2006-08-01 14:02 49152 ----a-w- c:\windows\system32\ChCfg.exe 2010-01-21 22:36 . 2008-09-24 09:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys 2010-01-21 22:36 . 2010-01-21 22:36 -------- d-----w- c:\program files\Realtek AC97 2010-01-21 22:36 . 2006-12-08 14:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe 2010-01-21 22:36 . 2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe 2010-01-21 22:36 . 2006-10-18 01:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll 2010-01-21 22:36 . 2006-07-31 10:27 217088 ----a-w- c:\windows\Alcrmv.exe 2010-01-21 22:36 . 2006-07-31 10:19 315392 ----a-w- c:\windows\alcupd.exe 2010-01-21 22:20 . 2004-07-01 22:08 7680 ----a-w- c:\windows\system32\bitsprx2.dll 2010-01-21 22:20 . 2004-07-01 22:08 7168 ----a-w- c:\windows\system32\bitsprx3.dll 2010-01-21 22:16 . 2009-08-06 18:24 327896 ----a-w- c:\windows\system32\wucltui.dll 2010-01-21 22:16 . 2009-08-06 18:24 209632 ----a-w- c:\windows\system32\wuweb.dll 2010-01-21 22:16 . 2009-08-06 18:24 35552 ----a-w- c:\windows\system32\wups.dll 2010-01-21 22:16 . 2009-08-06 18:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2010-01-21 22:16 . 2004-08-03 13:00 187160 ----a-w- c:\windows\system32\wuaueng1.dll 2010-01-21 22:16 . 2004-08-03 12:59 170776 ----a-w- c:\windows\system32\wuauclt1.exe 2010-01-21 21:57 . 2010-01-21 21:57 -------- d-----w- c:\documents and settings\vic\Application Data\Uniblue 2010-01-21 15:55 . 2010-01-21 15:55 -------- d-----w- c:\program files\Lavalys 2010-01-21 15:01 . 2010-01-21 15:01 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-21 15:01 . 2010-01-21 15:01 -------- d-----w- c:\program files\Java 2010-01-21 15:01 . 2010-01-21 15:01 152576 ----a-w- c:\documents and settings\vic\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2010-01-21 15:00 . 2010-01-21 15:01 -------- d-----w- c:\program files\LimeWire 2010-01-21 03:03 . 2010-02-19 08:45 -------- d-----w- c:\program files\Webtarot . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-19 08:00 . 2009-12-28 18:23 -------- d-----w- c:\program files\Steam 2010-02-19 06:44 . 2002-08-30 12:00 71248 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-19 06:44 . 2002-08-30 12:00 458230 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Application Data\ATI 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\RPJJJDB1.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\3LJFHVZZ.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\OGGIBJ13.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\MR5RPRBR.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\8ZLF9JTJ.DAT 2010-02-18 00:20 . 2009-12-27 23:26 23660 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-18 00:01 . 2010-01-21 15:02 -------- d-----w- c:\documents and settings\vic\Application Data\LimeWire 2010-02-16 23:15 . 2009-12-28 00:18 -------- d-----w- c:\program files\Alwil Software 2010-02-16 16:40 . 2009-12-30 01:43 -------- d-----w- c:\program files\a-squared Free 2010-01-23 02:52 . 2009-12-28 03:17 -------- d-----w- c:\documents and settings\vic\Application Data\vlc 2010-01-23 02:40 . 2009-12-27 23:26 -------- d-----w- c:\program files\Services en ligne 2010-01-23 02:32 . 2009-12-30 01:32 -------- d-----w- c:\program files\Glary Utilities 2010-01-23 02:30 . 2009-12-28 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-21 22:42 . 2009-12-30 01:33 -------- d-----w- c:\documents and settings\vic\Application Data\GlarySoft 2009-12-28 19:52 . 2009-12-28 19:49 -------- d-----w- c:\program files\Microsoft DirectX SDK (November 2008) 2009-12-28 19:48 . 2009-12-28 19:48 119120 ----a-w- c:\windows\dxsdkuninst.exe 2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\vic\Application Data\Sports Interactive 2009-12-28 18:38 . 2009-12-28 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive 2009-12-28 18:23 . 2009-12-28 18:22 -------- d--h--w- c:\program files\Zero G Registry 2009-12-28 18:22 . 2009-12-28 18:22 -------- d-----w- c:\program files\Sports Interactive 2009-12-28 18:19 . 2009-12-28 18:19 12328 ----a-w- c:\documents and settings\vic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-28 18:18 . 2009-12-28 18:18 -------- d-----w- c:\documents and settings\vic\Application Data\ATI 2009-12-28 18:18 . 2009-12-28 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2009-12-28 18:18 . 2009-12-28 18:18 0 ----a-w- c:\windows\ativpsrm.bin 2009-12-28 18:15 . 2009-12-28 18:07 -------- d-----w- c:\program files\ATI Technologies 2009-12-28 18:13 . 2009-12-28 18:06 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2009-12-28 18:12 . 2009-12-28 18:12 9158 ----a-r- c:\documents and settings\vic\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe 2009-12-28 18:12 . 2009-12-28 18:12 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies 2009-12-28 03:31 . 2009-12-28 03:30 -------- d-----w- c:\documents and settings\vic\Application Data\dvdcss 2009-12-28 03:16 . 2009-12-28 03:16 -------- d-----w- c:\program files\VideoLAN 2009-12-27 23:29 . 2009-12-27 23:29 -------- d-----w- c:\program files\microsoft frontpage 2009-12-27 23:29 . 2009-12-27 23:29 558142 ----a-w- c:\windows\java\Packages\NJJFDFZF.ZIP 2009-12-27 23:29 . 2009-12-27 23:29 155995 ----a-w- c:\windows\java\Packages\Y0O1Z9VR.ZIP 2009-12-27 23:28 . 2009-12-27 23:28 70691 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat . ------- Sigcheck ------- [-] 2008-04-13 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\qmgr.dll [-] 2004-07-01 . C3F35AA3E4E791EA8425B5DBAE01E283 . 360960 . . [6.6.2600.1569] . . c:\windows\system32\bits\qmgr.dll [7] 2002-08-30 . E1BDBEC55DF596AC4DC9FDCF6CB12832 . 223232 . . [6.2.2600.1106] . . c:\windows\ERDNT\cache\qmgr.dll [-] 2008-04-13 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wscntfy.exe [-] 2008-04-13 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\xmlprov.dll . ((((((((((((((((((((((((((((( SnapShot@2010-02-19_06.40.32 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-19 09:06 . 2010-02-19 09:06 16384 c:\windows\Temp\Perflib_Perfdata_944.dat + 2010-02-19 09:06 . 2010-02-19 09:06 16384 c:\windows\Temp\Perflib_Perfdata_320.dat + 2002-08-30 12:00 . 2010-02-19 06:44 58596 c:\windows\system32\perfc009.dat - 2002-08-30 12:00 . 2010-02-19 06:41 58596 c:\windows\system32\perfc009.dat + 2010-02-19 07:31 . 2004-07-09 03:26 47104 c:\windows\LastGood\System32\wstdecod.dll + 2010-02-19 07:31 . 2002-08-29 02:41 31744 c:\windows\LastGood\System32\pid.dll + 2010-02-19 07:31 . 2004-07-09 03:26 16896 c:\windows\LastGood\System32\msyuv.dll + 2010-02-19 07:31 . 2002-12-11 23:14 13312 c:\windows\LastGood\System32\msdmo.dll + 2010-02-19 07:31 . 2002-12-11 23:14 34304 c:\windows\LastGood\System32\mciqtz32.dll + 2010-02-19 07:31 . 2002-12-11 23:14 18944 c:\windows\LastGood\System32\encapi.dll + 2010-02-19 07:31 . 2002-12-11 23:14 46592 c:\windows\LastGood\System32\dxdllreg.exe + 2010-02-19 07:31 . 2002-12-11 23:14 18432 c:\windows\LastGood\System32\dswave.dll + 2010-02-19 07:31 . 2004-07-09 03:26 18688 c:\windows\LastGood\System32\DRIVERS\wstcodec.sys + 2010-02-19 07:31 . 2004-07-09 03:26 14976 c:\windows\LastGood\System32\DRIVERS\streamip.sys + 2010-02-19 07:31 . 2004-07-09 03:27 48512 c:\windows\LastGood\System32\DRIVERS\stream.sys + 2010-02-19 07:31 . 2004-07-09 03:26 10880 c:\windows\LastGood\System32\DRIVERS\slip.sys + 2010-02-19 07:31 . 2004-07-09 03:26 10112 c:\windows\LastGood\System32\DRIVERS\ndisip.sys + 2010-02-19 07:31 . 2004-07-09 03:26 83968 c:\windows\LastGood\System32\DRIVERS\nabtsfec.sys + 2010-02-19 07:31 . 2004-07-09 03:26 52096 c:\windows\LastGood\System32\DRIVERS\msdv.sys + 2010-02-19 07:31 . 2004-07-09 03:26 15104 c:\windows\LastGood\System32\DRIVERS\mpe.sys + 2010-02-19 07:31 . 2001-08-23 04:00 10496 c:\windows\LastGood\System32\DRIVERS\dxapi.sys + 2010-02-19 07:31 . 2004-07-09 03:26 16384 c:\windows\LastGood\System32\DRIVERS\ccdecode.sys + 2010-02-19 07:31 . 2004-07-09 03:26 11392 c:\windows\LastGood\System32\DRIVERS\bdasup.sys + 2010-02-19 07:27 . 2007-09-14 13:17 49152 c:\windows\LastGood\System32\DRIVERS\ati2erec.dll + 2010-02-19 07:31 . 2004-07-09 03:27 79360 c:\windows\LastGood\System32\dpwsockx.dll + 2010-02-19 07:31 . 2002-12-11 23:14 80896 c:\windows\LastGood\System32\dpvsetup.exe + 2010-02-19 07:31 . 2002-12-11 23:14 19968 c:\windows\LastGood\System32\dpvacm.dll + 2010-02-19 07:31 . 2002-12-11 23:14 16896 c:\windows\LastGood\System32\dpnsvr.exe + 2010-02-19 07:31 . 2003-03-24 08:00 68096 c:\windows\LastGood\System32\dpnhupnp.dll + 2010-02-19 07:31 . 2003-03-24 08:00 32768 c:\windows\LastGood\System32\dpnhpast.dll + 2010-02-19 07:31 . 2002-12-11 23:14 77824 c:\windows\LastGood\System32\dpmodemx.dll + 2010-02-19 07:31 . 2002-12-11 23:14 28160 c:\windows\LastGood\System32\dplaysvr.exe + 2010-02-19 07:31 . 2002-12-11 23:14 98816 c:\windows\LastGood\System32\dmstyle.dll + 2010-02-19 07:31 . 2002-12-11 23:14 76800 c:\windows\LastGood\System32\dmscript.dll + 2010-02-19 07:31 . 2002-12-11 23:14 33280 c:\windows\LastGood\System32\dmloader.dll + 2010-02-19 07:31 . 2002-12-11 23:14 58368 c:\windows\LastGood\System32\dmcompos.dll + 2010-02-19 07:31 . 2002-12-11 23:14 27136 c:\windows\LastGood\System32\dmband.dll + 2010-02-19 07:31 . 2004-07-09 03:26 47104 c:\windows\LastGood\System32\DLLCache\wstdecod.dll + 2010-02-19 07:31 . 2002-08-29 02:41 31744 c:\windows\LastGood\System32\DLLCache\pid.dll + 2010-02-19 07:31 . 2002-12-11 23:14 13312 c:\windows\LastGood\System32\DLLCache\msdmo.dll + 2010-02-19 07:31 . 2002-12-11 23:14 34304 c:\windows\LastGood\System32\DLLCache\mciqtz32.dll + 2010-02-19 07:31 . 2001-08-23 04:00 10496 c:\windows\LastGood\System32\DLLCache\dxapi.sys + 2010-02-19 07:31 . 2002-12-11 23:14 18432 c:\windows\LastGood\System32\DLLCache\dswave.dll + 2010-02-19 07:31 . 2004-07-09 03:27 79360 c:\windows\LastGood\System32\DLLCache\dpwsockx.dll + 2010-02-19 07:31 . 2002-12-11 23:14 80896 c:\windows\LastGood\System32\DLLCache\dpvsetup.exe + 2010-02-19 07:31 . 2002-12-11 23:14 19968 c:\windows\LastGood\System32\DLLCache\dpvacm.dll + 2010-02-19 07:31 . 2002-12-11 23:14 16896 c:\windows\LastGood\System32\DLLCache\dpnsvr.exe + 2010-02-19 07:31 . 2003-03-24 08:00 68096 c:\windows\LastGood\System32\DLLCache\dpnhupnp.dll + 2010-02-19 07:31 . 2003-03-24 08:00 32768 c:\windows\LastGood\System32\DLLCache\dpnhpast.dll + 2010-02-19 07:31 . 2002-12-11 23:14 77824 c:\windows\LastGood\System32\DLLCache\dpmodemx.dll + 2010-02-19 07:31 . 2002-12-11 23:14 28160 c:\windows\LastGood\System32\DLLCache\dplaysvr.exe + 2010-02-19 07:31 . 2002-12-11 23:14 98816 c:\windows\LastGood\System32\DLLCache\dmstyle.dll + 2010-02-19 07:31 . 2002-12-11 23:14 76800 c:\windows\LastGood\System32\DLLCache\dmscript.dll + 2010-02-19 07:31 . 2002-12-11 23:14 33280 c:\windows\LastGood\System32\DLLCache\dmloader.dll + 2010-02-19 07:31 . 2002-12-11 23:14 58368 c:\windows\LastGood\System32\DLLCache\dmcompos.dll + 2010-02-19 07:31 . 2002-12-11 23:14 27136 c:\windows\LastGood\System32\DLLCache\dmband.dll + 2010-02-19 07:31 . 2001-08-23 04:00 44032 c:\windows\LastGood\System32\DLLCache\dimap.dll + 2010-02-19 07:31 . 2002-12-11 23:14 24064 c:\windows\LastGood\System32\DLLCache\ddrawex.dll + 2010-02-19 07:31 . 2001-08-23 04:00 47616 c:\windows\LastGood\System32\DLLCache\d3dxof.dll + 2010-02-19 07:31 . 2001-08-23 04:00 34816 c:\windows\LastGood\System32\DLLCache\d3dpmesh.dll + 2010-02-19 07:31 . 2002-12-11 23:14 64512 c:\windows\LastGood\System32\DLLCache\amstream.dll + 2010-02-19 07:31 . 2001-08-23 04:00 44032 c:\windows\LastGood\System32\dimap.dll + 2010-02-19 07:31 . 2002-12-11 23:14 24064 c:\windows\LastGood\System32\ddrawex.dll + 2010-02-19 07:31 . 2001-08-23 04:00 47616 c:\windows\LastGood\System32\d3dxof.dll + 2010-02-19 07:31 . 2001-08-23 04:00 34816 c:\windows\LastGood\System32\d3dpmesh.dll + 2010-02-19 07:27 . 2001-11-09 03:01 24064 c:\windows\LastGood\System32\ativcoxx.dll + 2010-02-19 07:27 . 2007-09-14 13:18 17408 c:\windows\LastGood\System32\atitvo32.dll + 2010-02-19 07:27 . 2007-07-19 14:19 81920 c:\windows\LastGood\System32\ATIODE.exe + 2010-02-19 07:27 . 2007-07-19 14:19 40960 c:\windows\LastGood\System32\ATIODCLI.exe + 2010-02-19 07:27 . 2007-09-14 13:54 53248 c:\windows\LastGood\System32\ATIDDC.DLL + 2010-02-19 07:27 . 2007-09-14 13:56 26112 c:\windows\LastGood\System32\Ati2mdxx.exe + 2010-02-19 07:27 . 2007-09-14 13:56 43520 c:\windows\LastGood\System32\ati2edxx.dll + 2010-02-19 07:31 . 2002-12-11 23:14 64512 c:\windows\LastGood\System32\amstream.dll + 2010-02-19 07:31 . 2004-07-09 03:26 47104 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstdecod.dll + 2010-02-19 07:31 . 2004-07-09 03:26 18688 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstcodec.sys + 2010-02-19 07:31 . 2004-07-09 03:26 14976 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\streamip.sys + 2010-02-19 07:31 . 2004-07-09 03:26 10880 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\slip.sys + 2010-02-19 07:31 . 2004-07-09 03:26 10112 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ndisip.sys + 2010-02-19 07:31 . 2004-07-09 03:26 83968 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\nabtsfec.sys + 2010-02-19 07:31 . 2004-07-09 03:26 16896 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\msyuv.dll + 2010-02-19 07:31 . 2004-07-09 03:26 15104 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\mpe.sys + 2010-02-19 07:31 . 2004-07-09 03:26 16384 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ccdecode.sys + 2010-02-19 07:31 . 2004-07-09 03:26 11392 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\bdasup.sys + 2010-02-19 07:32 . 2004-07-09 03:27 48512 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\stream.sys + 2010-02-19 07:32 . 2002-12-11 23:14 13312 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\msdmo.dll + 2010-02-19 07:32 . 2002-12-11 23:14 34304 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mciqtz32.dll + 2010-02-19 07:32 . 2002-12-11 23:14 18944 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\encapi.dll + 2010-02-19 07:32 . 2002-12-11 23:14 46592 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe + 2010-02-19 07:32 . 2002-12-11 23:14 18432 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dswave.dll + 2010-02-19 07:32 . 2004-07-09 03:27 79360 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpwsockx.dll + 2010-02-19 07:32 . 2002-12-11 23:14 80896 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvsetup.exe + 2010-02-19 07:32 . 2002-12-11 23:14 19968 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvacm.dll + 2010-02-19 07:32 . 2002-12-11 23:14 16896 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnsvr.exe + 2010-02-19 07:32 . 2003-03-24 08:00 68096 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnhupnp.dll + 2010-02-19 07:32 . 2003-03-24 08:00 32768 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnhpast.dll + 2010-02-19 07:32 . 2002-12-11 23:14 77824 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpmodemx.dll + 2010-02-19 07:32 . 2002-12-11 23:14 28160 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplaysvr.exe + 2010-02-19 07:32 . 2002-12-11 23:14 98816 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmstyle.dll + 2010-02-19 07:32 . 2002-12-11 23:14 76800 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmscript.dll + 2010-02-19 07:32 . 2002-12-11 23:14 33280 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll + 2010-02-19 07:32 . 2002-12-11 23:14 58368 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmcompos.dll + 2010-02-19 07:32 . 2002-12-11 23:14 27136 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmband.dll + 2010-02-19 07:31 . 2002-12-11 23:14 24064 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddrawex.dll + 2010-02-19 07:32 . 2002-12-11 23:14 64512 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\amstream.dll + 2010-02-19 07:31 . 2004-07-09 03:26 18688 c:\windows\LastGood\Driver Cache\i386\wstcodec.sys + 2010-02-19 07:31 . 2004-07-09 03:26 14976 c:\windows\LastGood\Driver Cache\i386\streamip.sys + 2010-02-19 07:31 . 2004-07-09 03:27 48512 c:\windows\LastGood\Driver Cache\i386\stream.sys + 2010-02-19 07:31 . 2004-07-09 03:26 10880 c:\windows\LastGood\Driver Cache\i386\slip.sys + 2010-02-19 07:31 . 2002-08-29 02:41 31744 c:\windows\LastGood\Driver Cache\i386\pid.dll + 2010-02-19 07:31 . 2004-07-09 03:26 10112 c:\windows\LastGood\Driver Cache\i386\ndisip.sys + 2010-02-19 07:31 . 2004-07-09 03:26 83968 c:\windows\LastGood\Driver Cache\i386\nabtsfec.sys + 2010-02-19 07:31 . 2004-07-09 03:26 16896 c:\windows\LastGood\Driver Cache\i386\msyuv.dll + 2010-02-19 07:31 . 2004-07-09 03:26 52096 c:\windows\LastGood\Driver Cache\i386\msdv.sys + 2010-02-19 07:31 . 2004-07-09 03:26 15104 c:\windows\LastGood\Driver Cache\i386\mpe.sys + 2010-02-19 07:31 . 2004-07-09 03:26 16384 c:\windows\LastGood\Driver Cache\i386\ccdecode.sys + 2010-02-19 07:31 . 2004-07-09 03:26 11392 c:\windows\LastGood\Driver Cache\i386\bdasup.sys - 2010-02-18 06:38 . 2010-02-18 06:38 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe + 2010-02-18 06:38 . 2010-02-19 07:54 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe - 2010-02-18 06:38 . 2010-02-18 06:38 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe + 2010-02-18 06:38 . 2010-02-19 07:54 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe + 2010-02-18 06:38 . 2010-02-19 07:54 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe - 2010-02-18 06:38 . 2010-02-18 06:38 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe - 2010-02-18 06:38 . 2010-02-18 06:38 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe + 2010-02-18 06:38 . 2010-02-19 07:54 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe + 2010-02-18 06:38 . 2010-02-19 07:54 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\ARPPRODUCTICON.exe - 2010-02-18 06:38 . 2010-02-18 06:38 77542 c:\windows\Installer\{9BB86C70-E1EF-7457-46DC-0093B5269458}\ARPPRODUCTICON.exe + 2010-02-19 07:54 . 2010-02-19 07:54 10134 c:\windows\Installer\{72736F5F-520D-472A-88CC-7B02872FD34E}\ARPPRODUCTICON.exe - 2010-02-18 06:38 . 2010-02-18 06:38 10134 c:\windows\Installer\{72736F5F-520D-472A-88CC-7B02872FD34E}\ARPPRODUCTICON.exe + 2010-02-19 07:31 . 2002-12-11 23:14 4096 c:\windows\LastGood\System32\ksuser.dll + 2010-02-19 07:31 . 2002-12-11 23:14 4096 c:\windows\LastGood\System32\DRIVERS\swenum.sys + 2010-02-19 07:31 . 2002-12-11 23:14 5504 c:\windows\LastGood\System32\DRIVERS\mstee.sys + 2010-02-19 07:31 . 2001-08-23 04:00 4608 c:\windows\LastGood\System32\DRIVERS\mspqm.sys + 2010-02-19 07:31 . 2002-12-11 23:14 5248 c:\windows\LastGood\System32\DRIVERS\mspclock.sys + 2010-02-19 07:31 . 2002-12-11 23:14 7424 c:\windows\LastGood\System32\DRIVERS\mskssrv.sys + 2010-02-19 07:31 . 2002-12-11 23:14 3072 c:\windows\LastGood\System32\dpnlobby.dll + 2010-02-19 07:31 . 2002-12-11 23:14 3072 c:\windows\LastGood\System32\dpnaddr.dll + 2010-02-19 07:31 . 2002-12-11 23:14 3072 c:\windows\LastGood\System32\DLLCache\dpnlobby.dll + 2010-02-19 07:31 . 2002-12-11 23:14 3072 c:\windows\LastGood\System32\DLLCache\dpnaddr.dll + 2010-02-19 07:31 . 2002-12-11 23:14 8192 c:\windows\LastGood\System32\DLLCache\d3d8thk.dll + 2010-02-19 07:31 . 2002-12-11 23:14 8192 c:\windows\LastGood\System32\d3d8thk.dll + 2010-02-19 07:32 . 2002-12-11 23:14 4096 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\swenum.sys + 2010-02-19 07:32 . 2002-12-11 23:14 5504 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mstee.sys + 2010-02-19 07:32 . 2001-08-23 04:00 4608 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mspqm.sys + 2010-02-19 07:32 . 2002-12-11 23:14 5248 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mspclock.sys + 2010-02-19 07:32 . 2002-12-11 23:14 7424 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mskssrv.sys + 2010-02-19 07:32 . 2002-12-11 23:14 4096 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll + 2010-02-19 07:32 . 2002-12-11 23:14 3072 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnlobby.dll + 2010-02-19 07:32 . 2002-12-11 23:14 3072 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnaddr.dll + 2010-02-19 07:32 . 2002-12-11 23:14 8192 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3d8thk.dll + 2010-02-19 07:31 . 2002-12-11 23:14 4096 c:\windows\LastGood\Driver Cache\i386\swenum.sys + 2010-02-19 07:31 . 2002-12-11 23:14 5504 c:\windows\LastGood\Driver Cache\i386\mstee.sys + 2010-02-19 07:31 . 2001-08-23 04:00 4608 c:\windows\LastGood\Driver Cache\i386\mspqm.sys + 2010-02-19 07:31 . 2002-12-11 23:14 5248 c:\windows\LastGood\Driver Cache\i386\mspclock.sys + 2010-02-19 07:31 . 2002-12-11 23:14 7424 c:\windows\LastGood\Driver Cache\i386\mskssrv.sys + 2010-02-19 07:31 . 2002-12-11 23:14 4096 c:\windows\LastGood\Driver Cache\i386\ksuser.dll + 2002-08-30 12:00 . 2010-02-19 06:44 392296 c:\windows\system32\perfh009.dat - 2002-08-30 12:00 . 2010-02-19 06:41 392296 c:\windows\system32\perfh009.dat + 2010-02-19 07:31 . 2002-12-11 23:14 733184 c:\windows\LastGood\System32\qedwipes.dll + 2010-02-19 07:31 . 2004-07-09 03:27 470528 c:\windows\LastGood\System32\qdvd.dll + 2010-02-19 07:31 . 2004-07-09 03:27 316928 c:\windows\LastGood\System32\qdv.dll + 2010-02-19 07:31 . 2002-12-11 23:14 257024 c:\windows\LastGood\System32\qcap.dll + 2010-02-19 07:31 . 2002-12-11 23:14 173056 c:\windows\LastGood\System32\qasf.dll + 2010-02-19 07:31 . 2004-07-09 03:26 354816 c:\windows\LastGood\System32\psisdecd.dll + 2010-02-19 07:27 . 2007-09-14 13:56 122880 c:\windows\LastGood\System32\Oemdspif.dll + 2010-02-19 07:31 . 2002-12-11 23:14 324096 c:\windows\LastGood\System32\mswebdvd.dll + 2010-02-19 07:31 . 2001-08-23 04:00 223232 c:\windows\LastGood\System32\gcdef.dll + 2010-02-19 07:31 . 2004-07-09 03:27 974848 c:\windows\LastGood\System32\dxdiag.exe + 2010-02-19 07:31 . 2002-12-11 23:14 602624 c:\windows\LastGood\System32\dx7vb.dll + 2010-02-19 07:31 . 2004-07-09 03:27 381952 c:\windows\LastGood\System32\dsound.dll + 2010-02-19 07:31 . 2002-12-11 23:14 491520 c:\windows\LastGood\System32\dsdmoprp.dll + 2010-02-19 07:31 . 2002-12-11 23:14 186880 c:\windows\LastGood\System32\dsdmo.dll + 2010-02-19 07:31 . 2002-12-11 23:14 130304 c:\windows\LastGood\System32\DRIVERS\ks.sys + 2010-02-19 07:31 . 2002-12-11 23:14 112128 c:\windows\LastGood\System32\dpvvox.dll + 2010-02-19 07:31 . 2002-12-11 23:14 381952 c:\windows\LastGood\System32\dpvoice.dll + 2010-02-19 07:31 . 2002-12-11 23:14 723968 c:\windows\LastGood\System32\dpnet.dll + 2010-02-19 07:31 . 2004-07-09 03:27 230400 c:\windows\LastGood\System32\dplayx.dll + 2010-02-19 07:31 . 2004-07-09 03:27 122880 c:\windows\LastGood\System32\dmusic.dll + 2010-02-19 07:31 . 2002-12-11 23:14 100864 c:\windows\LastGood\System32\dmsynth.dll + 2010-02-19 07:31 . 2004-07-09 03:27 181248 c:\windows\LastGood\System32\dmime.dll + 2010-02-19 07:31 . 2002-12-11 23:14 733184 c:\windows\LastGood\System32\DLLCache\qedwipes.dll + 2010-02-19 07:31 . 2004-07-09 03:27 470528 c:\windows\LastGood\System32\DLLCache\qdvd.dll + 2010-02-19 07:31 . 2004-07-09 03:27 316928 c:\windows\LastGood\System32\DLLCache\qdv.dll + 2010-02-19 07:31 . 2002-12-11 23:14 257024 c:\windows\LastGood\System32\DLLCache\qcap.dll + 2010-02-19 07:31 . 2002-12-11 23:14 173056 c:\windows\LastGood\System32\DLLCache\qasf.dll + 2010-02-19 07:31 . 2002-12-11 23:14 324096 c:\windows\LastGood\System32\DLLCache\mswebdvd.dll + 2010-02-19 07:31 . 2001-08-23 04:00 223232 c:\windows\LastGood\System32\DLLCache\gcdef.dll + 2010-02-19 07:31 . 2004-07-09 03:27 974848 c:\windows\LastGood\System32\DLLCache\dxdiag.exe + 2010-02-19 07:31 . 2002-12-11 23:14 602624 c:\windows\LastGood\System32\DLLCache\dx7vb.dll + 2010-02-19 07:31 . 2004-07-09 03:27 381952 c:\windows\LastGood\System32\DLLCache\dsound.dll + 2010-02-19 07:31 . 2002-12-11 23:14 491520 c:\windows\LastGood\System32\DLLCache\dsdmoprp.dll + 2010-02-19 07:31 . 2002-12-11 23:14 186880 c:\windows\LastGood\System32\DLLCache\dsdmo.dll + 2010-02-19 07:31 . 2002-12-11 23:14 112128 c:\windows\LastGood\System32\DLLCache\dpvvox.dll + 2010-02-19 07:31 . 2002-12-11 23:14 381952 c:\windows\LastGood\System32\DLLCache\dpvoice.dll + 2010-02-19 07:31 . 2002-12-11 23:14 723968 c:\windows\LastGood\System32\DLLCache\dpnet.dll + 2010-02-19 07:31 . 2004-07-09 03:27 230400 c:\windows\LastGood\System32\DLLCache\dplayx.dll + 2010-02-19 07:31 . 2004-07-09 03:27 122880 c:\windows\LastGood\System32\DLLCache\dmusic.dll + 2010-02-19 07:31 . 2002-12-11 23:14 100864 c:\windows\LastGood\System32\DLLCache\dmsynth.dll + 2010-02-19 07:31 . 2004-07-09 03:27 181248 c:\windows\LastGood\System32\DLLCache\dmime.dll + 2010-02-19 07:31 . 2002-08-29 02:40 667648 c:\windows\LastGood\System32\DLLCache\dinput8.dll + 2010-02-19 07:31 . 2002-08-29 02:40 648704 c:\windows\LastGood\System32\DLLCache\dinput.dll + 2010-02-19 07:31 . 2001-08-23 04:00 467968 c:\windows\LastGood\System32\DLLCache\diactfrm.dll + 2010-02-19 07:31 . 2003-05-30 08:00 132608 c:\windows\LastGood\System32\DLLCache\devenum.dll + 2010-02-19 07:31 . 2004-07-09 03:27 292864 c:\windows\LastGood\System32\DLLCache\ddraw.dll + 2010-02-19 07:31 . 2002-08-30 12:00 350208 c:\windows\LastGood\System32\DLLCache\d3drm.dll + 2010-02-19 07:31 . 2001-08-23 04:00 590336 c:\windows\LastGood\System32\DLLCache\d3dramp.dll + 2010-02-19 07:31 . 2003-05-30 08:00 797184 c:\windows\LastGood\System32\DLLCache\d3dim700.dll + 2010-02-19 07:31 . 2001-08-23 04:00 436224 c:\windows\LastGood\System32\DLLCache\d3dim.dll + 2010-02-19 07:31 . 2002-08-29 02:40 667648 c:\windows\LastGood\System32\dinput8.dll + 2010-02-19 07:31 . 2002-08-29 02:40 648704 c:\windows\LastGood\System32\dinput.dll + 2010-02-19 07:31 . 2001-08-23 04:00 467968 c:\windows\LastGood\System32\diactfrm.dll + 2010-02-19 07:31 . 2003-05-30 08:00 132608 c:\windows\LastGood\System32\devenum.dll + 2010-02-19 07:31 . 2004-07-09 03:27 292864 c:\windows\LastGood\System32\ddraw.dll + 2010-02-19 07:31 . 2001-08-23 04:00 350208 c:\windows\LastGood\System32\d3drm.dll + 2010-02-19 07:31 . 2001-08-23 04:00 590336 c:\windows\LastGood\System32\d3dramp.dll + 2010-02-19 07:31 . 2003-05-30 08:00 797184 c:\windows\LastGood\System32\d3dim700.dll + 2010-02-19 07:31 . 2001-08-23 04:00 436224 c:\windows\LastGood\System32\d3dim.dll + 2010-02-19 07:27 . 2007-09-14 13:34 972072 c:\windows\LastGood\System32\ativva6x.dat + 2010-02-19 07:27 . 2007-09-14 13:57 143360 c:\windows\LastGood\System32\atipdlxx.dll + 2010-02-19 07:27 . 2007-09-14 13:15 172032 c:\windows\LastGood\System32\atiok3x2.dll + 2010-02-19 07:27 . 2007-09-14 13:20 376832 c:\windows\LastGood\System32\atikvmag.dll + 2010-02-19 07:27 . 2007-09-14 13:57 307200 c:\windows\LastGood\System32\atiiiexx.dll + 2010-02-19 07:27 . 2007-08-14 09:11 156671 c:\windows\LastGood\System32\atiicdxx.dat + 2010-02-19 07:27 . 2007-09-14 14:06 356352 c:\windows\LastGood\System32\ATIDEMGX.dll + 2010-02-19 07:27 . 2007-09-14 13:55 483328 c:\windows\LastGood\System32\ati2evxx.exe + 2010-02-19 07:27 . 2007-09-14 13:56 122880 c:\windows\LastGood\System32\ati2evxx.dll + 2010-02-19 07:27 . 2007-09-14 14:05 268800 c:\windows\LastGood\System32\ati2dvag.dll + 2010-02-19 07:27 . 2007-09-14 13:12 499712 c:\windows\LastGood\System32\ati2cqag.dll + 2010-02-19 07:31 . 2004-07-09 03:26 354816 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\psisdecd.dll + 2010-02-19 07:32 . 2002-12-11 23:14 733184 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qedwipes.dll + 2010-02-19 07:32 . 2004-07-09 03:27 470528 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qdvd.dll + 2010-02-19 07:32 . 2004-07-09 03:27 316928 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qdv.dll + 2010-02-19 07:32 . 2002-12-11 23:14 257024 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qcap.dll + 2010-02-19 07:32 . 2002-12-11 23:14 173056 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qasf.dll + 2010-02-19 07:32 . 2002-12-11 23:14 324096 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mswebdvd.dll + 2010-02-19 07:32 . 2002-12-11 23:14 130304 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ks.sys + 2010-02-19 07:32 . 2004-07-09 03:27 974848 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdiag.exe + 2010-02-19 07:32 . 2002-12-11 23:14 602624 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dx7vb.dll + 2010-02-19 07:32 . 2004-07-09 03:27 381952 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll + 2010-02-19 07:32 . 2002-12-11 23:14 491520 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsdmoprp.dll + 2010-02-19 07:32 . 2002-12-11 23:14 186880 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsdmo.dll + 2010-02-19 07:32 . 2002-12-11 23:14 112128 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvvox.dll + 2010-02-19 07:32 . 2002-12-11 23:14 381952 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvoice.dll + 2010-02-19 07:32 . 2002-12-11 23:14 723968 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnet.dll + 2010-02-19 07:32 . 2004-07-09 03:27 230400 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplayx.dll + 2010-02-19 07:32 . 2004-07-09 03:27 122880 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmusic.dll + 2010-02-19 07:32 . 2002-12-11 23:14 100864 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmsynth.dll + 2010-02-19 07:32 . 2004-07-09 03:27 181248 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmime.dll + 2010-02-19 07:32 . 2003-05-30 08:00 132608 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\devenum.dll + 2010-02-19 07:31 . 2004-07-09 03:27 292864 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll + 2010-02-19 07:31 . 2003-05-30 08:00 797184 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3dim700.dll + 2010-02-19 07:31 . 2004-07-09 03:26 354816 c:\windows\LastGood\Driver Cache\i386\psisdecd.dll + 2010-02-19 07:31 . 2002-12-11 23:14 130304 c:\windows\LastGood\Driver Cache\i386\ks.sys + 2010-02-19 07:54 . 2010-02-19 07:54 718336 c:\windows\Installer\edb84.msi + 2010-02-19 07:54 . 2010-02-19 07:54 313856 c:\windows\Installer\edb7d.msi + 2010-02-19 07:54 . 2010-02-19 07:54 238223 c:\windows\Installer\{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}\ARPPRODUCTICON.exe - 2010-02-18 06:38 . 2010-02-18 06:38 238223 c:\windows\Installer\{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}\ARPPRODUCTICON.exe + 2010-02-19 07:31 . 2003-05-30 08:00 1962496 c:\windows\LastGood\System32\quartz.dll + 2010-02-19 07:31 . 2002-12-11 23:14 1798144 c:\windows\LastGood\System32\qedit.dll + 2010-02-19 07:31 . 2004-07-09 03:26 1230336 c:\windows\LastGood\System32\msvidctl.dll + 2010-02-19 07:31 . 2004-07-09 03:27 1769472 c:\windows\LastGood\System32\dxdiagn.dll + 2010-02-19 07:31 . 2003-05-30 08:00 1189888 c:\windows\LastGood\System32\dx8vb.dll + 2010-02-19 07:31 . 2002-12-11 23:14 1294336 c:\windows\LastGood\System32\dsound3d.dll + 2010-02-19 07:26 . 2007-09-14 14:04 2455040 c:\windows\LastGood\System32\DRIVERS\ati2mtag.sys + 2010-02-19 07:31 . 2003-05-30 08:00 1962496 c:\windows\LastGood\System32\DLLCache\quartz.dll + 2010-02-19 07:31 . 2002-12-11 23:14 1798144 c:\windows\LastGood\System32\DLLCache\qedit.dll + 2010-02-19 07:31 . 2004-07-09 03:26 1230336 c:\windows\LastGood\System32\DLLCache\msvidctl.dll + 2010-02-19 07:31 . 2003-05-30 08:00 1189888 c:\windows\LastGood\System32\DLLCache\dx8vb.dll + 2010-02-19 07:31 . 2002-12-11 23:14 1294336 c:\windows\LastGood\System32\DLLCache\dsound3d.dll + 2010-02-19 07:31 . 2004-07-09 03:27 1201152 c:\windows\LastGood\System32\DLLCache\d3d8.dll + 2010-02-19 07:31 . 2004-07-09 03:27 1703936 c:\windows\LastGood\System32\d3d9.dll + 2010-02-19 07:31 . 2004-07-09 03:27 1201152 c:\windows\LastGood\System32\d3d8.dll + 2010-02-19 07:27 . 2007-09-14 13:35 1592832 c:\windows\LastGood\System32\ativvaxx.dll + 2010-02-19 07:27 . 2007-09-14 13:34 3107788 c:\windows\LastGood\System32\ativvaxx.dat + 2010-02-19 07:27 . 2007-09-14 13:34 3107788 c:\windows\LastGood\System32\ativva5x.dat + 2010-02-19 07:27 . 2007-09-14 13:50 9854976 c:\windows\LastGood\System32\atioglx2.dll + 2010-02-19 07:27 . 2007-09-14 13:46 3130176 c:\windows\LastGood\System32\ati3duag.dll + 2010-02-19 07:31 . 2004-07-09 03:26 1230336 c:\windows\LastGood\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\msvidctl.dll + 2010-02-19 07:32 . 2003-05-30 08:00 1962496 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\quartz.dll + 2010-02-19 07:32 . 2002-12-11 23:14 1798144 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qedit.dll + 2010-02-19 07:32 . 2003-05-30 08:00 1189888 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dx8vb.dll + 2010-02-19 07:32 . 2002-12-11 23:14 1294336 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound3d.dll + 2010-02-19 07:32 . 2004-07-09 03:27 1201152 c:\windows\LastGood\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3d8.dll + 2010-02-19 07:54 . 2010-02-19 07:54 1597440 c:\windows\Installer\edb72.msi . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] 2010-02-13 12:53 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-13 2349080] [HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-13 2349080] [HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-21 149280] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-30 13312] c:\documents and settings\vic\Menu D‚marrer\Programmes\D‚marrage\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "2479:TCP"= 2479:TCP:Services "5288:TCP"= 5288:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "3522:TCP"= 3522:TCP:Services "7599:TCP"= 7599:TCP:Services "6833:TCP"= 6833:TCP:Services R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [18/02/2010 01:44 22360] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [18/02/2010 01:44 45416] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [30/12/2009 02:43 1858144] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/02/2010 01:44 108289] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056] . Contenu du dossier 'Tâches planifiées' 2010-02-18 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-12-30 22:01] . . ------- Examen supplémentaire ------- . IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\victor giret\Application Data\Mozilla\Firefox\Profiles\95s69elm.default\ FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-19 10:07 Windows 5.1.2600 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81D30050]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf85aaaac \Driver\ACPI -> ACPI.sys @ 0xf84ef740 \Driver\atapi -> 0x81d30050 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x80559f4b ParseProcedure -> ntoskrnl.exe @ 0x805829d5 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x80559f4b ParseProcedure -> ntoskrnl.exe @ 0x805829d5 NDIS: Carte Fast Ethernet compatible VIA -> SendCompleteHandler -> 0x816ce330 PacketIndicateHandler -> NDIS.sys @ 0xf83fb480 SendHandler -> NDIS.sys @ 0xf83dc933 Warning: possible MBR rootkit infection ! copy of MBR has been found in sector 0x012A18AC1 malicious code @ sector 0x012A18AC4 ! PE file found in sector at 0x012A18ADA ! MBR rootkit infection detected ! Use: "mbr.exe -f" to fix. ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(692) c:\windows\System32\ODBC32.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(764) c:\windows\System32\dssenh.dll - - - - - - - > 'explorer.exe'(976) c:\windows\System32\msi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\SOUNDMAN.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\windows\system32\imapi.exe . ************************************************************************** . Heure de fin: 2010-02-19 10:10:41 - La machine a redémarré ComboFix-quarantined-files.txt 2010-02-19 09:10 ComboFix2.txt 2010-02-19 06:44 Avant-CF: 69 913 812 992 octets libres Après-CF: 69 885 480 960 octets libres - - End Of File - - 6460BEB6697A5399764475CB5507F311
- le 19 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

je suis vraiment desolé d'être un boulet mais je ne sais pas comment faire quand tu me dis "Copie les 3 fichiers à la racine de ton disque dur (dans c:\ )." merci encore pour ta patience
- le 19 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a répondu à un(e) sujet de oldwolf1984 dans Analyses et éradication malwares

tout d'abord merci de prendre du temps pour mon cas. Lorsque j'essaye d'écraser les anciens fichiers pour les remplacer par ceux du zip, windows m'ouvre une boite de dialogue appelé "protection de fichiers windows" ou il me dit que pour maintenir la stabilité du système, il doit restaurer la version originale des fichiers et me demande donc d'inserer mon cd windows XP. Est ce que je dois le faire ?
- le 19 février 2010
- 143 réponses
TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

oldwolf1984 a posté un sujet dans Analyses et éradication malwares

Bonjour à tous et par avance merci de votre patience Voila, je vous expose mon problème : lors du dernier scan que j'ai effectué sur mon pc, mon anti-virus (avira) a detecté un virus dont j'ai mis le nom dans le titre de mon post. Etant completement novice en matière informatique, j'ai fais la grosse erreur d'essayer de le tuer tout seul. J'ai donc telecharger combofix, je m'en suis servi (sans problèmes apparents) et c'est en essayant d'analyser les résultats de son "log" que je suis tombé sur une page internet qui conseillait fortement de n'utiliser combofix qu'avec l'aide d'un expert. Donc en esperant que je n'ai pas fais trop de betises, je requiert l'aide d'un expert afin d'analyser le rapport. Merci encore, ci-joint le log de combofix : ComboFix 10-02-18.07 - victor giret 19/02/2010 7:34.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.1.1252.33.1036.18.511.311 [GMT 1:00] Lancé depuis: c:\documents and settings\victor giret\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\vic\Local Settings\Temporary Internet Files\3xAbb.jpg c:\documents and settings\vic\Local Settings\Temporary Internet Files\5NAk0nm6.jpg c:\documents and settings\vic\Local Settings\Temporary Internet Files\bMmb343y.jpg c:\documents and settings\vic\Local Settings\Temporary Internet Files\nyNmPA.jpg c:\windows\system32\qmgr.dll . . . est infecté!! . original MBR restored successfully ! . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-19 au 2010-02-19 )))))))))))))))))))))))))))))))))))) . 2010-02-18 09:21 . 2010-02-19 06:24 -------- d-----w- c:\documents and settings\HelpAssistant 2010-02-18 09:21 . 2010-02-18 09:21 -------- d-----w- c:\documents and settings\HelpAssistant\Favoris 2010-02-18 09:21 . 2010-02-18 09:21 -------- d-----w- c:\documents and settings\HelpAssistant\Bureau 2010-02-18 09:21 . 2009-12-27 23:26 -------- d--h--w- c:\documents and settings\HelpAssistant\Modèles 2010-02-18 09:21 . 2009-12-27 22:29 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage réseau 2010-02-18 09:21 . 2009-12-27 22:29 -------- d--h--w- c:\documents and settings\HelpAssistant\Voisinage d'impression 2010-02-18 09:21 . 2009-12-27 22:29 -------- d-----w- c:\documents and settings\HelpAssistant\Mes documents 2010-02-18 09:21 . 2009-12-27 22:29 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Démarrer 2010-02-18 07:32 . 2010-02-18 07:32 -------- d-----w- c:\windows\Sun 2010-02-18 07:32 . 2010-02-18 07:32 45568 ----a-w- C:\kat9s1.dll 2010-02-18 06:54 . 2010-02-18 06:54 -------- d-----w- C:\Mes Pilotes 2010-02-18 06:50 . 2010-02-18 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\inf 2010-02-18 06:50 . 2010-02-18 06:50 -------- d-----w- c:\program files\My Drivers 2010-02-18 06:38 . 2010-02-18 06:38 -------- d-----w- c:\program files\ATI 2010-02-18 06:37 . 2010-02-18 06:37 -------- d-----w- C:\ATI 2010-02-18 06:24 . 2010-02-18 06:24 -------- d-----w- c:\program files\ma-config.com 2010-02-18 06:24 . 2010-02-18 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2010-02-18 03:43 . 2010-02-18 03:43 -------- d--h--w- c:\documents and settings\victor giret\InstallAnywhere 2010-02-18 03:39 . 2010-02-18 03:42 -------- d-----w- c:\documents and settings\victor giret\Application Data\Sports Interactive 2010-02-18 02:23 . 2010-02-18 02:23 -------- d-----w- C:\rsit 2010-02-18 02:06 . 2010-02-18 02:06 -------- d-----w- c:\program files\Trend Micro 2010-02-18 01:53 . 2010-02-18 01:53 -------- d-----w- c:\documents and settings\victor giret\Application Data\IObit 2010-02-18 00:55 . 2010-02-18 00:55 9158 ----a-r- c:\documents and settings\victor giret\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe 2010-02-18 00:54 . 2002-12-11 23:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe 2010-02-18 00:54 . 2002-08-29 02:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll 2010-02-18 00:54 . 2004-07-09 03:27 381952 -c--a-w- c:\windows\system32\dllcache\dsound.dll 2010-02-18 00:54 . 2004-07-09 03:27 292864 -c--a-w- c:\windows\system32\dllcache\ddraw.dll 2010-02-18 00:54 . 2004-07-09 03:27 230400 -c--a-w- c:\windows\system32\dllcache\dplayx.dll 2010-02-18 00:51 . 2007-09-14 13:57 307200 ----a-r- c:\windows\system32\atiiiexx.dll 2010-02-18 00:51 . 2007-09-14 14:06 356352 ----a-r- c:\windows\system32\ATIDEMGX.dll 2010-02-18 00:51 . 2007-09-14 13:34 972072 ----a-r- c:\windows\system32\ativva6x.dat 2010-02-18 00:51 . 2007-09-14 13:34 3107788 ----a-r- c:\windows\system32\ativva5x.dat 2010-02-18 00:51 . 2007-09-14 13:34 3107788 ----a-r- c:\windows\system32\ativvaxx.dat 2010-02-18 00:51 . 2007-08-14 09:11 156671 ----a-r- c:\windows\system32\atiicdxx.dat 2010-02-18 00:44 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-18 00:44 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-02-18 00:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\program files\Avira 2010-02-18 00:44 . 2010-02-18 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-02-18 00:41 . 2010-02-18 00:41 12328 ----a-w- c:\documents and settings\victor giret\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\Conduit 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Local Settings\Application Data\IObitCom 2010-02-18 00:40 . 2009-12-27 23:26 -------- d--h--w- c:\documents and settings\victor giret\Modèles 2010-02-18 00:40 . 2009-12-27 22:29 -------- d--h--w- c:\documents and settings\victor giret\Voisinage réseau 2010-02-18 00:40 . 2009-12-27 22:29 -------- d--h--w- c:\documents and settings\victor giret\Voisinage d'impression 2010-02-18 00:40 . 2009-12-27 22:29 -------- d-----r- c:\documents and settings\victor giret\Menu Démarrer 2010-02-18 00:32 . 2010-02-18 00:55 -------- d-----w- c:\windows\LastGood.Tmp 2010-02-18 00:23 . 2002-08-30 12:00 5120 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll 2010-02-18 00:22 . 2002-08-30 12:00 99328 -c--a-w- c:\windows\system32\dllcache\imekrcic.dll 2010-02-18 00:20 . 2002-08-30 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wabimp.dll 2010-02-18 00:19 . 2002-08-30 12:00 9728 -c--a-w- c:\windows\system32\dllcache\xolehlp.dll 2010-02-18 00:12 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys 2010-02-18 00:10 . 2002-08-30 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2010-02-18 00:10 . 2002-08-30 12:00 13312 ----a-w- c:\windows\system32\irclass.dll 2010-02-18 00:10 . 2002-08-30 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2010-02-18 00:10 . 2002-08-30 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2010-02-16 23:50 . 2010-02-16 23:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-16 16:47 . 2010-02-16 16:47 119808 -c--a-w- c:\windows\system32\dllcache\winmine.exe 2010-02-16 16:47 . 2010-02-16 16:47 119808 ----a-w- c:\windows\system32\winmine.exe 2010-02-05 17:25 . 2010-02-05 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-01-23 04:27 . 2009-10-06 17:32 327168 ----a-w- c:\windows\system32\cutil32.dll 2010-01-23 04:27 . 2009-08-03 19:25 285696 ----a-w- c:\windows\system32\cudart.dll 2010-01-23 04:27 . 2010-01-23 04:27 -------- d-----w- c:\program files\CPUID 2010-01-23 04:23 . 2010-01-23 04:23 -------- d-----w- c:\program files\ESET 2010-01-23 04:10 . 2010-02-13 13:28 -------- d-----w- c:\documents and settings\vic\Local Settings\Application Data\IObitCom 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\program files\Conduit 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\documents and settings\vic\Local Settings\Application Data\Conduit 2010-01-23 04:10 . 2010-02-13 12:53 -------- d-----w- c:\program files\IObitCom 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\documents and settings\vic\Application Data\IObit 2010-01-23 04:10 . 2010-01-23 04:10 -------- d-----w- c:\program files\IObit 2010-01-23 04:10 . 2009-11-04 15:49 635664 ----a-w- c:\documents and settings\vic\Application Data\IObit\Common\TB_Helper.exe 2010-01-23 03:14 . 2010-01-23 03:14 -------- d-----w- c:\windows\system32\bits 2010-01-23 03:11 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe 2010-01-23 03:11 . 2010-01-23 03:26 -------- d--h--w- c:\windows\$hf_mig$ 2010-01-23 02:58 . 2010-01-23 02:58 -------- d-----w- c:\program files\Windows Live Safety Center 2010-01-23 02:24 . 2010-01-23 02:30 -------- d-----w- c:\program files\inKline Global 2010-01-21 22:36 . 2006-08-01 14:02 49152 ----a-w- c:\windows\system32\ChCfg.exe 2010-01-21 22:36 . 2008-09-24 09:40 4122368 ----a-r- c:\windows\system32\drivers\alcxwdm.sys 2010-01-21 22:36 . 2010-01-21 22:36 -------- d-----w- c:\program files\Realtek AC97 2010-01-21 22:36 . 2006-12-08 14:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe 2010-01-21 22:36 . 2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe 2010-01-21 22:36 . 2006-10-18 01:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll 2010-01-21 22:36 . 2006-07-31 10:27 217088 ----a-w- c:\windows\Alcrmv.exe 2010-01-21 22:36 . 2006-07-31 10:19 315392 ----a-w- c:\windows\alcupd.exe 2010-01-21 22:20 . 2004-07-01 22:08 7680 ----a-w- c:\windows\system32\bitsprx2.dll 2010-01-21 22:20 . 2004-07-01 22:08 7168 ----a-w- c:\windows\system32\bitsprx3.dll 2010-01-21 22:16 . 2009-08-06 18:24 327896 ----a-w- c:\windows\system32\wucltui.dll 2010-01-21 22:16 . 2009-08-06 18:24 209632 ----a-w- c:\windows\system32\wuweb.dll 2010-01-21 22:16 . 2009-08-06 18:24 35552 ----a-w- c:\windows\system32\wups.dll 2010-01-21 22:16 . 2009-08-06 18:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2010-01-21 22:16 . 2004-08-03 13:00 187160 ----a-w- c:\windows\system32\wuaueng1.dll 2010-01-21 22:16 . 2004-08-03 12:59 170776 ----a-w- c:\windows\system32\wuauclt1.exe 2010-01-21 21:57 . 2010-01-21 21:57 -------- d-----w- c:\documents and settings\vic\Application Data\Uniblue 2010-01-21 15:55 . 2010-01-21 15:55 -------- d-----w- c:\program files\Lavalys 2010-01-21 15:01 . 2010-01-21 15:01 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-21 15:01 . 2010-01-21 15:01 -------- d-----w- c:\program files\Java 2010-01-21 15:01 . 2010-01-21 15:01 152576 ----a-w- c:\documents and settings\vic\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2010-01-21 15:00 . 2010-01-21 15:01 -------- d-----w- c:\program files\LimeWire 2010-01-21 03:03 . 2010-02-18 08:03 -------- d-----w- c:\program files\Webtarot . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-19 06:41 . 2002-08-30 12:00 458230 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-19 06:41 . 2002-08-30 12:00 71248 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-18 06:48 . 2009-12-28 18:23 -------- d-----w- c:\program files\Steam 2010-02-18 00:41 . 2010-02-18 00:41 -------- d-----w- c:\documents and settings\victor giret\Application Data\ATI 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\RPJJJDB1.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\3LJFHVZZ.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\OGGIBJ13.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\MR5RPRBR.DAT 2010-02-18 00:21 . 2010-02-18 00:21 2678 ----a-w- c:\windows\java\Packages\Data\8ZLF9JTJ.DAT 2010-02-18 00:20 . 2009-12-27 23:26 23660 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-18 00:01 . 2010-01-21 15:02 -------- d-----w- c:\documents and settings\vic\Application Data\LimeWire 2010-02-16 23:15 . 2009-12-28 00:18 -------- d-----w- c:\program files\Alwil Software 2010-02-16 16:40 . 2009-12-30 01:43 -------- d-----w- c:\program files\a-squared Free 2010-01-23 02:52 . 2009-12-28 03:17 -------- d-----w- c:\documents and settings\vic\Application Data\vlc 2010-01-23 02:40 . 2009-12-27 23:26 -------- d-----w- c:\program files\Services en ligne 2010-01-23 02:32 . 2009-12-30 01:32 -------- d-----w- c:\program files\Glary Utilities 2010-01-23 02:30 . 2009-12-28 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-21 22:42 . 2009-12-30 01:33 -------- d-----w- c:\documents and settings\vic\Application Data\GlarySoft 2009-12-28 19:52 . 2009-12-28 19:49 -------- d-----w- c:\program files\Microsoft DirectX SDK (November 2008) 2009-12-28 19:48 . 2009-12-28 19:48 119120 ----a-w- c:\windows\dxsdkuninst.exe 2009-12-28 18:39 . 2009-12-28 18:39 -------- d-----w- c:\documents and settings\vic\Application Data\Sports Interactive 2009-12-28 18:38 . 2009-12-28 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive 2009-12-28 18:23 . 2009-12-28 18:22 -------- d--h--w- c:\program files\Zero G Registry 2009-12-28 18:22 . 2009-12-28 18:22 -------- d-----w- c:\program files\Sports Interactive 2009-12-28 18:19 . 2009-12-28 18:19 12328 ----a-w- c:\documents and settings\vic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-28 18:18 . 2009-12-28 18:18 -------- d-----w- c:\documents and settings\vic\Application Data\ATI 2009-12-28 18:18 . 2009-12-28 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2009-12-28 18:18 . 2009-12-28 18:18 0 ----a-w- c:\windows\ativpsrm.bin 2009-12-28 18:15 . 2009-12-28 18:07 -------- d-----w- c:\program files\ATI Technologies 2009-12-28 18:13 . 2009-12-28 18:06 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2009-12-28 18:12 . 2009-12-28 18:12 9158 ----a-r- c:\documents and settings\vic\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe 2009-12-28 18:12 . 2009-12-28 18:12 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies 2009-12-28 03:31 . 2009-12-28 03:30 -------- d-----w- c:\documents and settings\vic\Application Data\dvdcss 2009-12-28 03:16 . 2009-12-28 03:16 -------- d-----w- c:\program files\VideoLAN 2009-12-27 23:29 . 2009-12-27 23:29 -------- d-----w- c:\program files\microsoft frontpage 2009-12-27 23:29 . 2009-12-27 23:29 558142 ----a-w- c:\windows\java\Packages\NJJFDFZF.ZIP 2009-12-27 23:29 . 2009-12-27 23:29 155995 ----a-w- c:\windows\java\Packages\Y0O1Z9VR.ZIP 2009-12-27 23:28 . 2009-12-27 23:28 70691 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat . ------- Sigcheck ------- [-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wscntfy.exe [-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\xmlprov.dll c:\windows\System32\wscntfy.exe ... manque !! c:\windows\System32\xmlprov.dll ... manque !! . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] 2010-02-13 12:53 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-13 2349080] [HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-13 2349080] [HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-21 149280] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-30 13312] c:\documents and settings\vic\Menu D‚marrer\Programmes\D‚marrage\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "2479:TCP"= 2479:TCP:Services "5288:TCP"= 5288:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "3522:TCP"= 3522:TCP:Services R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [18/02/2010 01:44 22360] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [18/02/2010 01:44 45416] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [30/12/2009 02:43 1858144] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [18/02/2010 01:44 108289] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056] . Contenu du dossier 'Tâches planifiées' 2010-02-18 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-12-30 22:01] . . ------- Examen supplémentaire ------- . IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-19 07:41 Windows 5.1.2600 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81EB2478]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf85aaaac \Driver\ACPI -> ACPI.sys @ 0xf84ef740 \Driver\atapi -> 0x81eb2478 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x80559f4b ParseProcedure -> ntoskrnl.exe @ 0x805829d5 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x80559f4b ParseProcedure -> ntoskrnl.exe @ 0x805829d5 NDIS: Carte Fast Ethernet compatible VIA -> SendCompleteHandler -> 0x816b8330 PacketIndicateHandler -> NDIS.sys @ 0xf83fb480 SendHandler -> NDIS.sys @ 0xf83dc933 Warning: possible MBR rootkit infection ! copy of MBR has been found in sector 0x012A18AC1 malicious code @ sector 0x012A18AC4 ! PE file found in sector at 0x012A18ADA ! MBR rootkit infection detected ! Use: "mbr.exe -f" to fix. ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(688) c:\windows\System32\ODBC32.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(756) c:\windows\System32\dssenh.dll - - - - - - - > 'explorer.exe'(3964) c:\windows\System32\msi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\windows\SOUNDMAN.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Heure de fin: 2010-02-19 07:44:52 - La machine a redémarré ComboFix-quarantined-files.txt 2010-02-19 06:44 Avant-CF: 70 142 668 800 octets libres Après-CF: 70 545 948 672 octets libres - - End Of File - - C5872C5DCFAE614668AA4E09481AB341
- le 19 février 2010
- 143 réponses

Connexion

oldwolf1984

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par oldwolf1984

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

TR/Rootkit.Gen detecté sur mon ordi [RESOLU]

Zebulon

Outils en ligne

Naviguer