Your question

ComboFix report and rootkit

Tags:
  • Security
Last reply: in Security and viruses
9 January 2009 10:55:25

Hello, I have just run a scan with ComboFix;
I had a rootkit.
Could someone analyse it for me to see whether I still need to do anything?
Many, many thanks in advance.
Here is the report:
ComboFix 09-01-08.03 - Pierrick Zyla 2009-01-09 10:22:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1534.1183 [GMT 1:00]
Lancé depuis: c:\documents and settings\Pierrick Zyla\Bureau\Bibitte.exe
Commutateurs utilisés :: c:\documents and settings\Pierrick Zyla\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\100593.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\100640.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\101531.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\104625.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\123890.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\126546.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\128156.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\128984.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\152750.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\159671.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\160000.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\210312.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\216203.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\216296.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\250203.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\254328.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\254359.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\263921.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\264750.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\266031.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\323953.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\324859.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\325046.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\335562.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\336218.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\336250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\350890.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\353859.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\354515.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\355453.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\356453.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\356484.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\357156.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\365937.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\369406.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\374062.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\379859.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\381062.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\381625.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\382656.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\382687.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\387828.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\389000.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\417875.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\419843.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\420375.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\437015.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\437765.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\438421.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\465843.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\471468.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\476578.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\477828.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\481156.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\481234.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\490546.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\500765.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\536250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\567906.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\573812.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\579734.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\583031.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\586250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\594031.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\599031.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\599328.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\662984.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\665093.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\665281.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\677578.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\678359.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\678421.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\683421.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\684890.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\685250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\718843.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\720593.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\720671.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\742171.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\743843.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\744750.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\745968.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\751281.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\753734.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\755671.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\758296.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\759109.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\760265.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\765078.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\765812.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\812625.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\818546.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\819218.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\85312.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\895171.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\90390.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\931109.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\934250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\934656.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\94187.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\94250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\srosa.sys
c:\documents and settings\Pierrick Zyla\Application Data\drivers\srosa2.sys
c:\documents and settings\Pierrick Zyla\Application Data\drivers\winupgro.exe
c:\documents and settings\Pierrick Zyla\Application Data\m
c:\documents and settings\Pierrick Zyla\Application Data\m\data.oct
c:\documents and settings\Pierrick Zyla\Application Data\m\flec006.exe
c:\documents and settings\Pierrick Zyla\Application Data\m\list.oct
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\000-639 - Rational Unified Process Practice Exam Questions 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\2_Panda.Platinum.Internet.Security.2006.Keygen.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\4Neurons Magnifying Glass 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\99 Bottles of Beer Screensaver 3.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\A Christmas Tree Screensaver 4.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\AAA Photo Album 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Abhibhavak Organizer 3.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Accents 2003.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Active Paint Application 1.42.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Adobe Premiere Pro CS3.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Adsense Analyzer 0.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Advanced Batch PDF Page Extractor 1.6.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Advanced CheckSum Verifier 1.5.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Alternative RSS Icons.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Any Currency Converter 4.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ApecSoft Audio Stripper 1.20 build 108.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\AVG.+.Ad.Aware.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Avi Divx Wmv Real Mp3 Media Fixer Pro 9.09.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\AVI2VCD 1.4.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\bNetSoul 0.9.6 Beta.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Borderline Address Book 2.9.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ByteGuardian 1.0.0.12.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\CFX Ethereal 2.7.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\CL Desktop 0.40.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Clé.Key.Kaspersky.6.Testé.Ok.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Class Generator 1.00.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Clavier+ 10.6.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Clock Tower 3D Screensaver 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\CollegeRecruiter Job Search 1.0.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ComBOTS 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Cool Resizer 2008.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\CS Auto Backup 5.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Daily Note Book 5.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Daneismos Lite 1.2.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DBExport 4.93.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DBISAM Script Wizard 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\defontPIXEL 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Descartes 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DisKat Prototype.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Double Pendulum Rev 2.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DownWebPics 3.71.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DraftSurvey Lt 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DWG to Image Converter 2006 2.00.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Eat Me 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\EndNote X 10.0 build 2114.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ExposurePlot 1.13.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Fantasy Sounds Add-on For MorphVOX 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Fapp 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Fishy Rainbows Screensaver 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Flash Memory Toolkit 1.00.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Flash MP3 Player 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Foretype 1.5.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Framy Car 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Free Disk Space 2.01c.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\GALHider 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Geovid DVD Copy 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\GermaniXRipper 1.00.407.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Gillian Anderson Screensaver2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Glazkrak.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Home Kittys 1 Screensaver.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Horizontal Smoother 0.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\HTML2PDF Add-on 3.9.60.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\idFramer 2.1.1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Inactive Tabs Closer 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Interactive Dali Screensaver 1.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ISPs Nightmare 3.2.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Jack The Knife 12.0.0 Reloaded.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Junk Files Cleaner 5.3.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Kamchatka Button 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Korean Directory 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Magical Jelly Bean SHN Shortener 1.03.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Maxpatrol 7.01401.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MB Free Zodiac Energy Sign 1.10.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition Service Pack 3.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MooSFV 1.84.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MotionView! 7.1.12.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MPEG4 Direct Maker 6.2.0 Build 212.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\My Collectibles 3.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MyClipboard 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Neuratron AudioScore Professional 3.1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\nod32_2.12.4_ITA_no.pass.zero.giorni.trial.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\NSX News Widget 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Oracle Locator Express 1.1.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Password generator 1.0 beta.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\PC Invoice Service Edition 2.21.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Penis Size-O-Matic 1.1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Print Pictures Your Way 2006.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Printsheets 3.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\PrintView 1.5.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Process Blocker 0.4.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Public PC Desktop 6.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\QTranslator 2006.10.25.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\RapidShop Free Shopping Cart & ECommerce 4.3.6.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Rock.Your.Mobile.MessageTones.v1.00.S60v3.SymbianOS9.1.Unsigned.Cracked-BiNPDA.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\RSP Multi-Media Encoder 1.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\RunScanner 1.7.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ServerObserver Network Monitor 5.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SFX Tool 1.01.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Sheetmusicdirect.com 1.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Shutdown Counter 2.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SideShow 1.0.9.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Simple DirectMedia Layer 1.2.13.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SimpleEye 1.4.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SmartSync 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Sophos.Anti-virus.5.x.keygen.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SQLite Data Wizard 8.4.0.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Starfield-3D Screensaver 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Symantec_1_.Norton.Ghost.v11.0.0.1502.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Tactile12000 2.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Tenebril Uninstaller 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\The 2008 Political News & Media Ticker 2.2.12 Beta.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\The Ultimate Guitar Ear Trainer 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\TimeUntil Screensaver Maker Personal 2.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\TitleWriter 4.72.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\uppix right-click 0.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\utility - AVG Antivirus Pro v7.0.206+keygen.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\WallpaperMobile 3.1.1 Beta.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\WinAlarm 2.2.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Windows Desktop Search
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Windows Media Player with 3Dconnexion Controls 0.1 Alpha.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\WWSaver32 4.03.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ZylVSS 2.16.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\srvlist.oct
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\windows\dat.txt
c:\windows\Downloaded Program Files\setup.inf
c:\windows\emMON.exe
c:\windows\rs.txt
c:\windows\system32\ban_list.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\tmp75.tmp
c:\windows\system32\tmp76.tmp
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-09 au 2009-01-09 ))))))))))))))))))))))))))))))))))))
.

2009-01-08 21:50 . 2009-01-08 21:58 <REP> d-------- c:\windows\BDOSCAN8
2009-01-08 20:22 . 2009-01-09 09:05 <REP> d-------- c:\documents and settings\Pierrick Zyla\.housecall6.6
2009-01-08 17:55 . 2009-01-09 10:25 <REP> d--h----- c:\documents and settings\Pierrick Zyla\Application Data\drivers
2009-01-08 17:39 . 2009-01-08 17:39 <REP> d-------- c:\documents and settings\Pierrick Zyla\Application Data\AVS4YOU
2009-01-08 17:39 . 2009-01-08 17:39 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-08 17:38 . 2009-01-08 17:38 <REP> d-------- c:\program files\Fichiers communs\AVSMedia
2009-01-08 17:38 . 2009-01-08 17:38 <REP> d-------- c:\program files\AVSVideoEditor4
2009-01-08 17:38 . 2009-01-08 17:38 <REP> d-------- c:\program files\AVS4YOU
2008-12-22 17:05 . 2008-12-25 12:48 <REP> d-------- c:\program files\adslTV
2008-12-21 10:00 . 2009-01-08 17:30 <REP> d-------- c:\documents and settings\Pierrick Zyla\Tracing
2008-12-21 09:59 . 2008-12-21 09:59 <REP> d-------- c:\program files\Microsoft
2008-12-21 09:58 . 2008-12-21 09:58 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-21 09:49 . 2008-12-21 09:49 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-11 19:38 . 2008-12-11 22:22 1,393 --a------ c:\windows\imsins.BAK
2008-12-09 21:07 . 2008-12-09 21:07 <REP> d-------- c:\documents and settings\Pierrick Zyla\Application Data\Todae
2008-12-09 17:43 . 2008-12-09 20:49 <REP> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-09 17:24 . 2008-12-22 19:01 <REP> d-------- c:\program files\QuickTime
2008-12-09 17:24 . 2008-12-09 17:24 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-12-09 17:24 . 2008-12-09 17:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 21:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-08 16:45 --------- d-----w c:\program files\eMule
2009-01-02 14:07 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\Skype
2009-01-02 14:03 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\skypePM
2008-12-25 11:47 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\vlc
2008-12-21 09:01 --------- d-----w c:\program files\Windows Live
2008-12-11 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 16:28 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\dvdcss
2008-12-09 16:24 --------- d-----w c:\program files\Apple Software Update
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 08:45 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-12-03 20:15 --------- d-----w c:\program files\Avira
2008-12-03 19:49 --------- d-----w c:\program files\Spyware Doctor
2008-12-03 17:31 --------- d-----w c:\program files\Linksys
2008-12-03 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\Avira(2)
2008-12-03 13:56 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\Auslogics
2008-12-03 13:55 --------- d-----w c:\program files\Auslogics
2008-12-01 17:08 --------- d-----w c:\program files\Activision
2008-11-24 17:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 18:59 --------- d-----w c:\program files\Skype
2008-11-16 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-16 18:58 --------- d-----w c:\program files\Fichiers communs\Skype
2008-11-16 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-11-16 14:33 --------- d-----w c:\program files\OpenAL
2008-11-12 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-12 16:43 --------- d--h--w c:\program files\Zero G Registry
2008-11-12 16:43 --------- d-----w c:\program files\Sports Interactive
2008-11-11 18:58 21,035 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-11 12:46 94,208 ----a-w c:\windows\UITabCtrl.dll
2008-11-11 12:46 20,480 ----a-w c:\windows\RegActiveX.exe
2008-11-11 12:46 139,264 ----a-w c:\windows\UIButton.dll
2008-11-11 12:46 126,976 ----a-w c:\windows\UIListCtrl.dll
2008-11-11 12:46 1,700,352 ----a-w c:\windows\GdiPlus.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 675840]
"TFncKy"="c:\program files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe" [2005-05-17 184320]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-03-08 24576]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Adobe_ID0EYTHM"="c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 970752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-09 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 c:\windows\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-01-21 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2007-04-16 10:24 819200 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
--a------ 2005-04-22 10:54 962560 c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2004-08-20 11:28 45056 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe"=
"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDvrUp_date.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"39554:TCP"= 39554:TCP:emuletcp
"11335:UDP"= 11335:UDP:emuleudp

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [2007-03-25 25344]
R3 WPC300Nv2;Linksys Wireless-N Notebook Adapter WPC300Nv2 Service;c:\windows\system32\drivers\WPC300Nv2.sys [2008-11-11 1297824]
R4 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2008-11-11 106496]
R4 WPC300NSvc;WPC300NSvc;c:\program files\Linksys\WPC300N\WLService.exe [2008-11-11 53307]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys --> c:\windows\system32\Drivers\CBPMp50.sys [?]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2008-11-11 27072]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-08-31 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f63f64-eea1-11dc-9771-0018391740ce}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f63f67-eea1-11dc-9771-0018391740ce}]
\Shell\Auto\command - F:\Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f63f68-eea1-11dc-9771-0018391740ce}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c430b9b0-7250-11dc-9685-00166f6301e8}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea8ade6c-e6c5-11dc-975d-00166f6301e8}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
.
Contenu du dossier 'Tâches planifiées'

2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-08 c:\windows\Tasks\User_Feed_Synchronization-{A9968EF5-6E61-405A-A661-170359F81DDF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
Notify-avldr - avldr.dll
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
c:\windows\Downloaded Program Files\SETUP.INF

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_10.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 10:30:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Linksys\WPC300N\WPC300N.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\TPSBattM.exe
.
**************************************************************************
.
Heure de fin: 2009-01-09 10:36:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-09 09:36:21

Avant-CF: 37,458,509,824 octets libres
Après-CF: 37,510,287,360 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

487 --- E O F --- 2008-12-18 21:26:51

9 Janvier 2009 19:11:39

Hello,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" and then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM