rootkit? Fermé

Question

Bonjour,

Un jour ne sachant plus ouvrir l'icone d' IE, je scan le pc avec Malwarebytes' Anti-Malware mais ce dernier ne trouve rien. Ensuite avec combofix. Celui-ci me dit qu'il doit redémarre car il y a un rootkit. Après redémarrage il fini le scan et jai le rapport. Mais si je relance combofix il veut chaque fois redémarrer pour supprimer un rootkit. J'ai essayé avec Gmer mais la dernière version ne marche pas chez moi, j'ai essayé une précédente version mais rien n'apparait en rouge (à supprimer).

Bizarrement je peux acceder à l'incone d'Ie et le pc ne semble pas vraiment avoir de problème. Y a t il vraiment un rootkit? Combofix déconne - t - il?

Merci de m'aider.

rapport combofix

omboFix 09-11-20.02 - Administrateur 21/11/2009 13:46.35.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2047.1688 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wmcache.nld

Une copie infectée de c:\windows\system32\drivers\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-21 au 2009-11-21 ))))))))))))))))))))))))))))))))))))
.

2009-11-21 12:12 . 2009-11-21 12:17 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Partouche
2009-11-20 16:44 . 2002-08-30 13:00 114688 --sha-r- c:\windows\system32\msvcp6q.dll
2009-11-16 21:29 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-11-16 20:42 . 2009-11-16 20:42 54624 ----a-w- c:\windows\system32\1ac5.sys
2009-11-16 19:48 . 2009-11-16 21:25 -------- d-----w- c:\program files\Sophos
2009-11-16 19:24 . 2009-11-16 19:24 -------- d-----w- C:\rsit
2009-11-16 19:05 . 2003-10-15 08:28 10240 ----a-w- c:\windows\system32\drivers\SiWinAcc.sys
2009-11-16 18:41 . 2009-11-16 18:57 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-16 18:24 . 2009-11-16 18:58 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2009-11-16 17:47 . 2009-11-16 17:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Grisoft
2009-11-16 17:47 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2009-11-07 15:46 . 2009-11-07 15:46 159744 ----a-w- c:\documents and settings\Administrateur\Application Data\UltimateBet\DownLoad\liveupdate.exe
2009-11-07 15:42 . 2009-11-07 15:55 -------- d-----w- c:\program files\UltimateBet
2009-11-07 15:42 . 2009-11-07 15:45 -------- d-----w- c:\documents and settings\Administrateur\Application Data\UltimateBet
2009-11-07 15:42 . 2009-11-07 15:42 -------- d-----w- c:\program files\_uninstallation_info
2009-11-07 13:19 . 2009-11-07 13:37 -------- d-----w- c:\program files\PartyGaming
2009-11-06 21:26 . 2009-11-06 21:26 -------- d-----w- c:\program files\Ventrilo
2009-10-28 16:59 . 2009-10-28 16:59 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-10-28 16:59 . 2009-10-28 16:59 -------- d-----w- c:\program files\Real
2009-10-28 16:59 . 2009-10-28 16:59 -------- d-----w- c:\program files\Fichiers communs\Real
2009-10-27 16:51 . 2009-10-27 16:51 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-27 16:49 . 2009-10-27 16:51 38208 ----a-w- c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-27 16:49 . 2009-10-27 16:51 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-10-27 16:47 . 2009-11-04 18:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\P5

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 22:56 . 2008-05-03 10:48 32 -c--a-w- c:\windows\msocreg32.dat
2009-11-20 22:55 . 2006-09-25 13:49 -------- d-----w- c:\program files\mIRC
2009-11-20 22:28 . 2006-09-25 12:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\teamspeak2
2009-11-15 20:50 . 2008-10-19 11:05 -------- d-----w- c:\program files\Full Tilt Poker
2009-11-15 19:51 . 2009-10-17 19:25 -------- d-----w- c:\program files\PokerStars
2009-11-15 19:48 . 2008-07-08 10:43 -------- d-----w- c:\program files\Everest Poker
2009-11-15 18:47 . 2008-09-05 11:37 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Microgaming
2009-11-14 18:44 . 2006-09-22 12:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-12 21:58 . 2009-03-20 19:51 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Mumble
2009-11-08 17:00 . 2009-07-30 20:08 -------- d-----w- c:\program files\SopCast
2009-11-06 21:25 . 2009-04-19 19:49 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-11-05 19:58 . 2009-09-17 18:14 -------- d-----w- c:\documents and settings\Administrateur\Application Data\RayV
2009-11-05 12:05 . 2009-09-07 18:38 -------- d-----w- c:\program files\Navilog1
2009-11-03 04:08 . 2007-10-06 16:50 -------- d-----w- c:\program files\eMule
2009-10-30 20:52 . 2008-07-04 19:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-10-28 18:56 . 2006-09-25 11:50 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BSplayer
2009-10-25 10:08 . 2001-08-24 14:00 72092 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-25 10:08 . 2001-08-24 14:00 461134 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-16 12:19 . 2009-10-16 12:19 292878 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut6_504C9DBC7EE645B2A9CF47F39BEDA88E.exe
2009-10-16 12:19 . 2009-10-16 12:19 292878 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut2_C8CBC5632A224D2D83650A01AF12D5F6.exe
2009-10-16 12:19 . 2009-10-16 12:19 292878 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut1_F627668DCED74C3B92937B05B370A211.exe
2009-10-16 12:19 . 2009-10-16 12:19 292878 ----a-r- c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\ARPPRODUCTICON.exe
2009-10-05 12:17 . 2009-07-25 11:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 12:17 . 2009-08-26 10:22 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-13 20:42 . 2009-09-13 20:42 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-09-10 12:54 . 2009-07-25 11:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-07-25 11:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 13:07 . 2009-08-26 13:07 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-08-26 13:07 . 2009-08-26 13:07 368640 ----a-w- c:\windows\system32\ReWire.dll
2002-08-30 13:00 . 2009-11-20 16:44 114688 --sha-r- c:\windows\system32\msvcp6q.dll
.

------- Sigcheck -------

[-] 2004-08-18 . 27A5959C94EE173A063CA06BD14F021A . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-07-05 . CE4AF1FA47A29ADF97CB107775CE395C . 1049088 . . [5.1.2600.2945] . . c:\windows\system32\kernel32.dll
[-] 2006-07-05 . CE4AF1FA47A29ADF97CB107775CE395C . 1049088 . . [5.1.2600.2945] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2004-08-22 . 998F3F568F6074A35AB08CD3395A9DC2 . 1036288 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-11-16_19.37.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-16 22:20 . 2009-11-16 22:20 85969 c:\windows\system32\drivers\gmer.sys
+ 2006-09-21 19:17 . 2001-08-24 14:00 34816 c:\windows\system32\dllcache\admwprox.dll
+ 2009-11-16 19:48 . 2009-11-16 19:48 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2009-11-16 22:20 . 2008-04-17 20:13 811008 c:\windows\gmer.exe
+ 2009-11-16 22:20 . 2009-11-16 22:20 884736 c:\windows\gmer.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-14 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-06-20 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {55E99EC8-3D20-47F6-8C2B-3435D1B2050A} - c:\windows\system32\msvcp6q.dll [2002-08-30 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=KORGUMDD.DRV
"midi3"=KORGUMDD.DRV

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [16/11/2009 20:05 10240]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [16/11/2009 22:29 18816]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [12/09/2009 21:39 31744]
S2 Intelligent Transfer Service;Windows InstallService;c:\windows\system32\servtie.exe --> c:\windows\system32\servtie.exe [?]
S3 03622;03622;\??\c:\windows\system32\03622.sys --> c:\windows\system32\03622.sys [?]
S3 06e38;06e38;\??\c:\windows\system32\06e38.sys --> c:\windows\system32\06e38.sys [?]
S3 0ca26;0ca26;\??\c:\windows\system32\0ca26.sys --> c:\windows\system32\0ca26.sys [?]
S3 1478;1478;\??\c:\windows\system32\1478.sys --> c:\windows\system32\1478.sys [?]
S3 19418;19418;\??\c:\windows\system32\19418.sys --> c:\windows\system32\19418.sys [?]
S3 1ac5;1ac5;c:\windows\system32\1ac5.sys [16/11/2009 21:42 54624]
S3 37828;37828;\??\c:\windows\system32\37828.sys --> c:\windows\system32\37828.sys [?]
S3 3a933;3a933;\??\c:\windows\system32\3a933.sys --> c:\windows\system32\3a933.sys [?]
S3 3af7;3af7;\??\c:\windows\system32\3af7.sys --> c:\windows\system32\3af7.sys [?]
S3 3e53;3e53;\??\c:\windows\system32\3e53.sys --> c:\windows\system32\3e53.sys [?]
S3 3fc17;3fc17;\??\c:\windows\system32\3fc17.sys --> c:\windows\system32\3fc17.sys [?]
S3 4bb3C;4bb3C;\??\c:\windows\system32\4bb3C.sys --> c:\windows\system32\4bb3C.sys [?]
S3 4be24;4be24;\??\c:\windows\system32\4be24.sys --> c:\windows\system32\4be24.sys [?]
S3 4de1B;4de1B;\??\c:\windows\system32\4de1B.sys --> c:\windows\system32\4de1B.sys [?]
S3 4de1C;4de1C;\??\c:\windows\system32\4de1C.sys --> c:\windows\system32\4de1C.sys [?]
S3 5861E;5861E;\??\c:\windows\system32\5861E.sys --> c:\windows\system32\5861E.sys [?]
S3 5a32A;5a32A;\??\c:\windows\system32\5a32A.sys --> c:\windows\system32\5a32A.sys [?]
S3 634A;634A;\??\c:\windows\system32\634A.sys --> c:\windows\system32\634A.sys [?]
S3 63cE;63cE;\??\c:\windows\system32\63cE.sys --> c:\windows\system32\63cE.sys [?]
S3 72523;72523;\??\c:\windows\system32\72523.sys --> c:\windows\system32\72523.sys [?]
S3 7b927;7b927;\??\c:\windows\system32\7b927.sys --> c:\windows\system32\7b927.sys [?]
S3 7db12;7db12;\??\c:\windows\system32\7db12.sys --> c:\windows\system32\7db12.sys [?]
S3 82730;82730;\??\c:\windows\system32\82730.sys --> c:\windows\system32\82730.sys [?]
S3 82731;82731;\??\c:\windows\system32\82731.sys --> c:\windows\system32\82731.sys [?]
S3 83035;83035;\??\c:\windows\system32\83035.sys --> c:\windows\system32\83035.sys [?]
S3 8ef2;8ef2;\??\c:\windows\system32\8ef2.sys --> c:\windows\system32\8ef2.sys [?]
S3 9423E;9423E;\??\c:\windows\system32\9423E.sys --> c:\windows\system32\9423E.sys [?]
S3 a0d20;a0d20;\??\c:\windows\system32\a0d20.sys --> c:\windows\system32\a0d20.sys [?]
S3 a2a2C;a2a2C;\??\c:\windows\system32\a2a2C.sys --> c:\windows\system32\a2a2C.sys [?]
S3 a8914;a8914;\??\c:\windows\system32\a8914.sys --> c:\windows\system32\a8914.sys [?]
S3 a9834;a9834;\??\c:\windows\system32\a9834.sys --> c:\windows\system32\a9834.sys [?]
S3 abbC;abbC;\??\c:\windows\system32\abbC.sys --> c:\windows\system32\abbC.sys [?]
S3 ac310;ac310;\??\c:\windows\system32\ac310.sys --> c:\windows\system32\ac310.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [15/12/2008 22:00 33536]
S3 b1a4;b1a4;\??\c:\windows\system32\b1a4.sys --> c:\windows\system32\b1a4.sys [?]
S3 baa3D;baa3D;\??\c:\windows\system32\baa3D.sys --> c:\windows\system32\baa3D.sys [?]
S3 baa6;baa6;\??\c:\windows\system32\baa6.sys --> c:\windows\system32\baa6.sys [?]
S3 be43A;be43A;\??\c:\windows\system32\be43A.sys --> c:\windows\system32\be43A.sys [?]
S3 c692F;c692F;\??\c:\windows\system32\c692F.sys --> c:\windows\system32\c692F.sys [?]
S3 c751F;c751F;\??\c:\windows\system32\c751F.sys --> c:\windows\system32\c751F.sys [?]
S3 c922B;c922B;\??\c:\windows\system32\c922B.sys --> c:\windows\system32\c922B.sys [?]
S3 d22B;d22B;\??\c:\windows\system32\d22B.sys --> c:\windows\system32\d22B.sys [?]
S3 d2bF;d2bF;\??\c:\windows\system32\d2bF.sys --> c:\windows\system32\d2bF.sys [?]
S3 def1A;def1A;\??\c:\windows\system32\def1A.sys --> c:\windows\system32\def1A.sys [?]
S3 e0739;e0739;\??\c:\windows\system32\e0739.sys --> c:\windows\system32\e0739.sys [?]
S3 eca13;eca13;\??\c:\windows\system32\eca13.sys --> c:\windows\system32\eca13.sys [?]
S3 ee716;ee716;\??\c:\windows\system32\ee716.sys --> c:\windows\system32\ee716.sys [?]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [20/12/2005 1:07 14976]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ATAPI
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 13:50
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS >>UNKNOWN [0x8A2F7868]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
\Driver\ACPI -> ACPI.sys @ 0xb9f56cb8
\Driver\atapi -> atapi.sys @ 0xb9ed57b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb9d61ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d6eb21
SendHandler -> NDIS.sys @ 0xb9d4c87b
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4722EE48-40E7-10C3-749F-74DFCE71B7CA}\InProcServer32*]
"oabhajjcjkobfaikndpifbngojdbpf"=hex:6a,61,64,69,63,63,68,6b,65,61,67,62,6c,6d,
6a,62,6a,6d,62,65,00,f9
"nabhgjlkenekdmlokipjcbclobne"=hex:6a,61,64,69,63,63,68,6b,65,61,67,62,6c,6d,
6a,62,6a,6d,62,65,00,f9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F592A3F4-1E8F-F23D-181A-D5DEAD3CBB53}\InProcServer32*]
"oafebebpjjkiebppncbphmbgibcoeb"=hex:6a,61,63,6c,6d,6f,69,69,6f,65,70,6b,65,62,
67,70,6e,61,6d,6c,00,f9
"nafeldhldindccjgoakbidlmbafl"=hex:6a,61,63,6c,6d,6f,69,69,6f,65,70,6b,65,62,
67,70,6e,61,6d,6c,00,f9

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="C3CA43629C4D5DB8FC0D5EC5A702DB907BFC5BDFD6887BD3168EDA4EBD4E79BED37DB16569A5F032550DBDB5B24ADB538FCBFD33E66E57255B710ADB3AE03C4ACEC8CFFD09BF88C46E2A237E723918D0A2079FBDB8DEAAC58B825B04F509C0911A1EE00024C6403FF9708753EAE36F8AD2740EB54BF83B8653620F9C100D50FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6675D575E7D6A3B9808A6171C11EC38DE3D660943E3B41C49F3FEAB214F60C26A0F758BDBB86F76CD717DD117CB856141D969E90525BFC987B5468BBB42E68AFA3D9E1C1EC6AB54BED6B656DA05F3440754E6C8F366BD47E2F883255A17884FA752CF571806D6575BDF89F50ABA3C38BC8DF9FCABEE7BCCD2F91F5CF20633671211634FB64622138C74E111ABEFEDADB3AFBC51EF98094730480786A2DF995BBC10378611EC004D1ECDAE756F3F5EC7A33C528126D0BCD8BAC92E6FA60831690F372F755CEF2781C07DE46AA4D4A45D23865DC1D69B2ED292378956E174B4025446B08876DE925D09E3FA2840F39C7B323609B6B18D3C40419D126E5CB2A14CBBCD271EDE5782436FB8ED5C5BEFE6E0AFC77EFB0851865D2EDBC6DDBF5FBA2159B3010DB88EF9C9CF07BCA733336700E209F01E4F2673192AA9A741DBAF850E25B2319A4C4CBEBCEAAD6A1E29BAC782F49F941F225D2C99E68D3C2523EACC537856AE8485EDDD9966DE7F494097F1427282A275BDDC1DB6F9658D0F2D6B1F681483F27AF3E2A41248210727A26F974FCDFDD48B042076FD5E612875B3204DF69BEDFDA04CAFA78EFD4F91A79DFAAB6D5A32EFBE7BB4B0AE72069DC2160D6D5A959FD08D656CBDA8D81A31302187E713D311B562CD3D013D78AD86D558C95BA56E76F3503C46812E8B01FE9AC1F6C6ECD7E46F3BC8EFE753170378811F81341FF32570E5EF7CD223B0DD96B2BABE895BE5476B035F17A4CBD888150E3873D9BDDBAFD5C3C563543D43D817B9E6E7B4EF64297768A5903C392B12F9B410F273B13CF137D123646CE6A2732365C60E0FF29C4DEA0ED54EF85FE14950273AE5EADA0F972A6B96F9483F95FD655E81E426DF3B4D1C884FD767B633A9BF85ED496DCFB6A349E14E36D51843210641DDB0C8E6D313E9E2934758EA388576E886AB6DD9746C34F71F3BC7F7B756B71FC9CA0C6A5960339B4649E0DCEF00265B02B02175F0998D6680C31619646CABFDD5A0478227475D2334A25C22BD1305DC041004D5B6ABFA598D1A7CEB9C869AD537B3187BF82FD0E04A27E482670A4B5FD213525E35F128EF089F7811199C40944618DDD371D57BAD19C2DC7A9608384A599A102A4014C3BF52C84D60F6F7DC9A80F73CBE9549CBD85873E9B9DA000CF7271A0187108A7F"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-11-21 13:50
ComboFix-quarantined-files.txt 2009-11-21 12:50
ComboFix2.txt 2009-11-16 19:38

Avant-CF: 3.414.315.008 octets libres
Après-CF: 3.379.884.032 octets libres

- - End Of File - - C17E45F92CD980A4B013F9D26191101D

amine31500 · Answer

va sur executer tape mrt ca analyse tn pc

radzinskisss · Answer

Avec mrt il ne trouve aucun spyware

Rootkit?

2 réponses

Discussions similaires