ComboFix report and rootkit
Security Forum - Virus: ComboFix report and rootkit
Hello, I have just run a scan with ComboFix;
I had a rootkit.
Could someone analyse the report for me to see whether I still need to do anything?
Many, many thanks in advance.
Here is the report:
ComboFix 09-01-08.03 - Pierrick Zyla 2009-01-09 10:22:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1534.1183 [GMT 1:00]
Lancé depuis: c:\documents and settings\Pierrick Zyla\Bureau\Bibitte.exe
Commutateurs utilisés :: c:\documents and settings\Pierrick Zyla\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\100593.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\100640.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\101531.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\104625.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\123890.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\126546.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\128156.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\128984.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\152750.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\159671.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\160000.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\210312.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\216203.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\216296.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\250203.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\254328.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\254359.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\263921.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\264750.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\266031.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\323953.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\324859.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\325046.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\335562.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\336218.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\336250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\350890.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\353859.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\354515.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\355453.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\356453.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\356484.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\357156.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\365937.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\369406.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\374062.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\379859.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\381062.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\381625.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\382656.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\382687.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\387828.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\389000.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\417875.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\419843.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\420375.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\437015.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\437765.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\438421.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\465843.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\471468.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\476578.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\477828.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\481156.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\481234.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\490546.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\500765.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\536250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\567906.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\573812.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\579734.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\583031.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\586250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\594031.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\599031.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\599328.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\662984.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\665093.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\665281.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\677578.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\678359.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\678421.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\683421.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\684890.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\685250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\718843.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\720593.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\720671.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\742171.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\743843.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\744750.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\745968.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\751281.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\753734.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\755671.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\758296.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\759109.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\760265.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\765078.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\765812.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\812625.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\818546.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\819218.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\85312.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\895171.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\90390.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\931109.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\934250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\934656.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\94187.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\downld\94250.exe
c:\documents and settings\Pierrick Zyla\Application Data\drivers\srosa.sys
c:\documents and settings\Pierrick Zyla\Application Data\drivers\srosa2.sys
c:\documents and settings\Pierrick Zyla\Application Data\drivers\winupgro.exe
c:\documents and settings\Pierrick Zyla\Application Data\m
c:\documents and settings\Pierrick Zyla\Application Data\m\data.oct
c:\documents and settings\Pierrick Zyla\Application Data\m\flec006.exe
c:\documents and settings\Pierrick Zyla\Application Data\m\list.oct
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\000-639 - Rational Unified Process Practice Exam Questions 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\2_Panda.Platinum.Internet.Security.2006.Keygen.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\4Neurons Magnifying Glass 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\99 Bottles of Beer Screensaver 3.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\A Christmas Tree Screensaver 4.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\AAA Photo Album 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Abhibhavak Organizer 3.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Accents 2003.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Active Paint Application 1.42.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Adobe Premiere Pro CS3.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Adsense Analyzer 0.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Advanced Batch PDF Page Extractor 1.6.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Advanced CheckSum Verifier 1.5.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Alternative RSS Icons.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Any Currency Converter 4.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ApecSoft Audio Stripper 1.20 build 108.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\AVG.+.Ad.Aware.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Avi Divx Wmv Real Mp3 Media Fixer Pro 9.09.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\AVI2VCD 1.4.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\bNetSoul 0.9.6 Beta.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Borderline Address Book 2.9.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ByteGuardian 1.0.0.12.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\CFX Ethereal 2.7.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\CL Desktop 0.40.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Clé.Key.Kaspersky.6.Testé.Ok.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Class Generator 1.00.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Clavier+ 10.6.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Clock Tower 3D Screensaver 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\CollegeRecruiter Job Search 1.0.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ComBOTS 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Cool Resizer 2008.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\CS Auto Backup 5.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Daily Note Book 5.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Daneismos Lite 1.2.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DBExport 4.93.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DBISAM Script Wizard 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\defontPIXEL 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Descartes 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DisKat Prototype.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Double Pendulum Rev 2.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DownWebPics 3.71.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DraftSurvey Lt 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\DWG to Image Converter 2006 2.00.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Eat Me 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\EndNote X 10.0 build 2114.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ExposurePlot 1.13.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Fantasy Sounds Add-on For MorphVOX 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Fapp 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Fishy Rainbows Screensaver 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Flash Memory Toolkit 1.00.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Flash MP3 Player 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Foretype 1.5.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Framy Car 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Free Disk Space 2.01c.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\GALHider 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Geovid DVD Copy 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\GermaniXRipper 1.00.407.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Gillian Anderson Screensaver2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Glazkrak.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Home Kittys 1 Screensaver.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Horizontal Smoother 0.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\HTML2PDF Add-on 3.9.60.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\idFramer 2.1.1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Inactive Tabs Closer 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Interactive Dali Screensaver 1.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ISPs Nightmare 3.2.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Jack The Knife 12.0.0 Reloaded.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Junk Files Cleaner 5.3.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Kamchatka Button 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Korean Directory 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Magical Jelly Bean SHN Shortener 1.03.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Maxpatrol 7.01401.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MB Free Zodiac Energy Sign 1.10.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition Service Pack 3.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MooSFV 1.84.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MotionView! 7.1.12.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MPEG4 Direct Maker 6.2.0 Build 212.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\My Collectibles 3.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\MyClipboard 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Neuratron AudioScore Professional 3.1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\nod32_2.12.4_ITA_no.pass.zero.giorni.trial.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\NSX News Widget 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Oracle Locator Express 1.1.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Password generator 1.0 beta.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\PC Invoice Service Edition 2.21.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Penis Size-O-Matic 1.1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Print Pictures Your Way 2006.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Printsheets 3.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\PrintView 1.5.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Process Blocker 0.4.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Public PC Desktop 6.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\QTranslator 2006.10.25.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\RapidShop Free Shopping Cart & ECommerce 4.3.6.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Rock.Your.Mobile.MessageTones.v1.00.S60v3.SymbianOS9.1.Unsigned.Cracked-BiNPDA.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\RSP Multi-Media Encoder 1.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\RunScanner 1.7.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ServerObserver Network Monitor 5.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SFX Tool 1.01.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Sheetmusicdirect.com 1.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Shutdown Counter 2.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SideShow 1.0.9.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Simple DirectMedia Layer 1.2.13.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SimpleEye 1.4.0.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SmartSync 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Sophos.Anti-virus.5.x.keygen.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\SQLite Data Wizard 8.4.0.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Starfield-3D Screensaver 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Symantec_1_.Norton.Ghost.v11.0.0.1502.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Tactile12000 2.1.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Tenebril Uninstaller 1.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\The 2008 Political News & Media Ticker 2.2.12 Beta.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\The Ultimate Guitar Ear Trainer 1.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\TimeUntil Screensaver Maker Personal 2.0.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\TitleWriter 4.72.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\uppix right-click 0.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\utility - AVG Antivirus Pro v7.0.206+keygen.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\WallpaperMobile 3.1.1 Beta.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\WinAlarm 2.2.2.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Windows Desktop Search
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\Windows Media Player with 3Dconnexion Controls 0.1 Alpha.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\WWSaver32 4.03.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\shared\ZylVSS 2.16.zip
c:\documents and settings\Pierrick Zyla\Application Data\m\srvlist.oct
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\windows\dat.txt
c:\windows\Downloaded Program Files\setup.inf
c:\windows\emMON.exe
c:\windows\rs.txt
c:\windows\system32\ban_list.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\tmp75.tmp
c:\windows\system32\tmp76.tmp
c:\windows\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-09 au 2009-01-09 ))))))))))))))))))))))))))))))))))))
.
2009-01-08 21:50 . 2009-01-08 21:58 <REP> d-------- c:\windows\BDOSCAN8
2009-01-08 20:22 . 2009-01-09 09:05 <REP> d-------- c:\documents and settings\Pierrick Zyla\.housecall6.6
2009-01-08 17:55 . 2009-01-09 10:25 <REP> d--h----- c:\documents and settings\Pierrick Zyla\Application Data\drivers
2009-01-08 17:39 . 2009-01-08 17:39 <REP> d-------- c:\documents and settings\Pierrick Zyla\Application Data\AVS4YOU
2009-01-08 17:39 . 2009-01-08 17:39 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-08 17:38 . 2009-01-08 17:38 <REP> d-------- c:\program files\Fichiers communs\AVSMedia
2009-01-08 17:38 . 2009-01-08 17:38 <REP> d-------- c:\program files\AVSVideoEditor4
2009-01-08 17:38 . 2009-01-08 17:38 <REP> d-------- c:\program files\AVS4YOU
2008-12-22 17:05 . 2008-12-25 12:48 <REP> d-------- c:\program files\adslTV
2008-12-21 10:00 . 2009-01-08 17:30 <REP> d-------- c:\documents and settings\Pierrick Zyla\Tracing
2008-12-21 09:59 . 2008-12-21 09:59 <REP> d-------- c:\program files\Microsoft
2008-12-21 09:58 . 2008-12-21 09:58 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-21 09:49 . 2008-12-21 09:49 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-11 19:38 . 2008-12-11 22:22 1,393 --a------ c:\windows\imsins.BAK
2008-12-09 21:07 . 2008-12-09 21:07 <REP> d-------- c:\documents and settings\Pierrick Zyla\Application Data\Todae
2008-12-09 17:43 . 2008-12-09 20:49 <REP> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-09 17:24 . 2008-12-22 19:01 <REP> d-------- c:\program files\QuickTime
2008-12-09 17:24 . 2008-12-09 17:24 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-12-09 17:24 . 2008-12-09 17:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 21:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-08 16:45 --------- d-----w c:\program files\eMule
2009-01-02 14:07 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\Skype
2009-01-02 14:03 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\skypePM
2008-12-25 11:47 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\vlc
2008-12-21 09:01 --------- d-----w c:\program files\Windows Live
2008-12-11 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 16:28 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\dvdcss
2008-12-09 16:24 --------- d-----w c:\program files\Apple Software Update
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 08:45 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-12-03 20:15 --------- d-----w c:\program files\Avira
2008-12-03 19:49 --------- d-----w c:\program files\Spyware Doctor
2008-12-03 17:31 --------- d-----w c:\program files\Linksys
2008-12-03 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\Avira(2)
2008-12-03 13:56 --------- d-----w c:\documents and settings\Pierrick Zyla\Application Data\Auslogics
2008-12-03 13:55 --------- d-----w c:\program files\Auslogics
2008-12-01 17:08 --------- d-----w c:\program files\Activision
2008-11-24 17:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 18:59 --------- d-----w c:\program files\Skype
2008-11-16 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-16 18:58 --------- d-----w c:\program files\Fichiers communs\Skype
2008-11-16 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-11-16 14:33 --------- d-----w c:\program files\OpenAL
2008-11-12 17:31 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-12 16:43 --------- d--h--w c:\program files\Zero G Registry
2008-11-12 16:43 --------- d-----w c:\program files\Sports Interactive
2008-11-11 18:58 21,035 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-11 12:46 94,208 ----a-w c:\windows\UITabCtrl.dll
2008-11-11 12:46 20,480 ----a-w c:\windows\RegActiveX.exe
2008-11-11 12:46 139,264 ----a-w c:\windows\UIButton.dll
2008-11-11 12:46 126,976 ----a-w c:\windows\UIListCtrl.dll
2008-11-11 12:46 1,700,352 ----a-w c:\windows\GdiPlus.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-28 675840]
"TFncKy"="c:\program files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe" [2005-05-17 184320]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-03-08 24576]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"Adobe_ID0EYTHM"="c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 970752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-09 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-04-20 c:\windows\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-01-21 c:\windows\system32\TPSMain.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2007-04-16 10:24 819200 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
--a------ 2005-04-22 10:54 962560 c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2004-08-20 11:28 45056 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe"=
"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Program Files\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDvrUp_date.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"39554:TCP"= 39554:TCP:emuletcp
"11335:UDP"= 11335:UDP:emuleudp
R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [2007-03-25 25344]
R3 WPC300Nv2;Linksys Wireless-N Notebook Adapter WPC300Nv2 Service;c:\windows\system32\drivers\WPC300Nv2.sys [2008-11-11 1297824]
R4 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2008-11-11 106496]
R4 WPC300NSvc;WPC300NSvc;c:\program files\Linksys\WPC300N\WLService.exe [2008-11-11 53307]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys --> c:\windows\system32\Drivers\CBPMp50.sys [?]
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [2008-11-11 27072]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-08-31 356920]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f63f64-eea1-11dc-9771-0018391740ce}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f63f67-eea1-11dc-9771-0018391740ce}]
\Shell\Auto\command - F:\Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f63f68-eea1-11dc-9771-0018391740ce}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c430b9b0-7250-11dc-9685-00166f6301e8}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea8ade6c-e6c5-11dc-975d-00166f6301e8}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
.
Contenu du dossier 'Tâches planifiées'
2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-08 c:\windows\Tasks\User_Feed_Synchronization-{A9968EF5-6E61-405A-A661-170359F81DDF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
Notify-avldr - avldr.dll
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file:///C
WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.tvants.com/pub/tvants/tvants1/win32/cab/tvants.cab
c:\windows\Downloaded Program Files\SETUP.INF
c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_10.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 10:30:40
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Linksys\WPC300N\WPC300N.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\TPSBattM.exe
.
**************************************************************************
.
Heure de fin: 2009-01-09 10:36:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-09 09:36:21
Avant-CF: 37,458,509,824 octets libres
Après-CF: 37,510,287,360 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
487 --- E O F --- 2008-12-18 21:26:51
Hello,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
- Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
- To start the search, click "Scan".
- Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to complete the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM