Status: Unresolved

Infection by Xor-encoded.A and others...

mimille1978, Sunday 7 September 2008 at 02:24:38
Hello,

My computer seems to be infected by several "things", including Xor-encoded.A; here is the ActiveScan 2.0 report. After looking at it, can you tell me whether you can help me?

Thank you very much!!!!!




;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-07 02:01:34
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 9
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3903.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@fastclick[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@mediaplex[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@apmebf[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@weborama[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@media.adrevolver[3].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@overture[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@adrevolver[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@adultfriendfinder[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@smartadserver[2].txt
02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\marie\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0ad165c4\Report.cab[tuvvTNhe.dll.xor]
03281648 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\Program Files\Dress Shop Hop\Uninstall.exe
03600161 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\fkpbrmmn.dll
03600161 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\vdkxprao.dll
03600564 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\opnkKaXn.dll
03600564 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\tuvWomNh.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Users\marie\AppData\Local\Temp\koywaidj.dll
No C:\Users\marie\AppData\Local\Temp\blbbfjey.dll
No C:\Users\marie\AppData\Local\Temp\geBuRKcA.dll
No C:\Users\marie\AppData\Local\Temp\hlgrftym.dll
No C:\Users\marie\AppData\Local\Temp\jkkIYrOI.dll
No C:\Users\marie\AppData\Local\Temp\khFUKbaX.dll
No C:\Users\marie\AppData\Local\Temp\koywaidj.dll
No C:\Users\marie\AppData\Local\Temp\oPIcyaxY.dll
No C:\Users\marie\AppData\Local\Temp\tbsfyytq.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Configuration: Windows Vista
Internet Explorer 7.0

Destrio5, Sunday 7 September 2008 at 02:37:39
Hi,

You are infected by Vundo as well.

---> Run a quick scan with MBAM, delete everything it finds and post the report:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

mimille1978, Sunday 7 September 2008 at 02:56:38
Thanks for the quick reply!

And here is the scan!

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-07 02:01:34
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 9
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3903.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@fastclick[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@mediaplex[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@apmebf[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@weborama[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@media.adrevolver[3].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@overture[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@bluestreak[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@adrevolver[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\marie@adultfriendfinder[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\marie\AppData\Roaming\Microsoft\Windows\Cookies\Low\marie@smartadserver[2].txt
02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
03009106 W32/Xor-encoded.A Virus No 0 No No C:\Users\marie\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report0ad165c4\Report.cab[tuvvTNhe.dll.xor]
03281648 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\Program Files\Dress Shop Hop\Uninstall.exe
03600161 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\fkpbrmmn.dll
03600161 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\vdkxprao.dll
03600564 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\opnkKaXn.dll
03600564 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\marie\AppData\Local\Temp\tuvWomNh.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Users\marie\AppData\Local\Temp\koywaidj.dll
No C:\Users\marie\AppData\Local\Temp\blbbfjey.dll
No C:\Users\marie\AppData\Local\Temp\geBuRKcA.dll
No C:\Users\marie\AppData\Local\Temp\hlgrftym.dll
No C:\Users\marie\AppData\Local\Temp\jkkIYrOI.dll
No C:\Users\marie\AppData\Local\Temp\khFUKbaX.dll
No C:\Users\marie\AppData\Local\Temp\koywaidj.dll
No C:\Users\marie\AppData\Local\Temp\oPIcyaxY.dll
No C:\Users\marie\AppData\Local\Temp\tbsfyytq.dll
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Destrio5, Sunday 7 September 2008 at 02:59:46
That is not the right scan.

mimille1978, Sunday 7 September 2008 at 03:02:32
Oh no! What do I need to do to get the right scan, please?

Destrio5, Sunday 7 September 2008 at 03:03:27
---> Run a quick scan with Malwarebytes' Anti-Malware, delete everything it finds and post the report.

To download Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

mimille1978, Sunday 7 September 2008 at 03:16:16
This time it should be the right one...

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1103
Windows 6.0.6000

07/09/2008 03:14:35
mbam-log-2008-09-07 (03-14-35).txt

Type de recherche: Examen rapide
Eléments examinés: 41680
Temps écoulé: 9 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm63df8f5e (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60ecbcc2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\marie\AppData\Local\Temp\vdkxprao.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\marie\AppData\Local\Temp\koywaidj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\marie\AppData\Local\Temp\nnnkLcAp.dll (Malware.Trace) -> Quarantined and deleted successfully.

Destrio5, Sunday 7 September 2008 at 03:23:26
---> Restart MBAM, go to Quarantine and delete everything

---> Disable UAC for the duration of the disinfection:
http://www.zebulon.fr/astuces/220-desactiver-l-uac-dans-vista.html

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click on Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and your antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt

Destrio5, Sunday 7 September 2008 at 03:27:42
However, I have to leave you now.

mimille1978, Sunday 7 September 2008 at 03:30:23
That works out well, me too; I'll continue tomorrow with my eyes open! Thanks for your help!!!

mimille1978, Sunday 7 September 2008 at 15:20:04
Hello!

Here is the log from Combo:

ComboFix 08-09-05.02 - marie 2008-09-07 14:45:23.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1015 [GMT 2:00]
Endroit: C:\Users\marie\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 12:45 6,736 ----a-w C:\Windows\system32\drivers\PROCEXP90.SYS
2008-09-07 12:40 2,846,217 ----a-w C:\ComboFix.exe
2008-09-07 00:53 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 00:41 --------- d-----w C:\Users\marie\AppData\Roaming\Malwarebytes
2008-09-07 00:41 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-07 00:01 --------- d-----w C:\Program Files\Dress Shop Hop
2008-09-06 16:16 --------- d-----w C:\Program Files\Panda Security
2008-09-06 15:34 --------- d-----w C:\Program Files\The Cleaner Free
2008-09-06 12:24 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-09-05 19:49 --------- d-----w C:\Program Files\Webteh
2008-09-05 16:46 --------- d-----w C:\Program Files\a-squared Free
2008-09-04 14:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-04 14:06 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-04 10:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-04 10:07 --------- d-----w C:\ProgramData\Symantec
2008-09-04 10:06 --------- d-----w C:\Program Files\Symantec
2008-09-03 22:02 --------- d-----w C:\Program Files\Alwil Software
2008-09-03 19:10 --------- d-----w C:\Program Files\Yahoo!
2008-09-03 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 17:37 --------- d-----w C:\Program Files\Decoshow
2008-09-02 15:57 --------- d-----w C:\Program Files\Artlantis Studio 2
2008-09-02 14:50 --------- d-----w C:\Users\marie\AppData\Roaming\Abvent_Artlantis2
2008-09-02 14:26 --------- d-----w C:\Users\marie\AppData\Roaming\Abvent
2008-09-02 14:26 --------- d-----w C:\ProgramData\Abvent
2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-01 17:41 --------- d-----w C:\Program Files\CCleaner
2008-08-31 16:00 --------- d-----w C:\Program Files\Téléchargeur de Architecte d intérieur 3D - Edition 2007
2008-08-31 15:55 --------- d-----w C:\ProgramData\BOONTY
2008-08-31 15:55 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
2008-08-31 14:41 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-08-31 14:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 17:02 --------- d-----w C:\Users\marie\AppData\Roaming\Juniper Networks
2008-08-13 17:51 --------- d-----w C:\Program Files\Windows Mail
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-15 18:52 --------- d-----w C:\Program Files\DivX
2008-07-12 10:15 --------- d-----w C:\ProgramData\Installations
2008-07-12 09:24 --------- d-----w C:\Program Files\Sun
2008-07-12 09:19 --------- d-----w C:\Program Files\Java
2008-07-11 08:58 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-06-18 17:52 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-11 00:07 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-07 20:53 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-07 20:53 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-07 20:53 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-08 360448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 149040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-30 171448]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-14 5304320]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 36352]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"V0220Mon.exe"="C:\Windows\V0220Mon.exe" [2006-06-28 32768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-05 421888]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B2A64AE6-52E1-444D-A403-12F49423D74E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{035E7577-3A04-44F3-BA52-9A1E7216F7F0}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{F2DB3A45-B7A2-47B1-9BDC-193D1651088E}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{FD5ACF28-33B4-4F3B-9AC3-82881ACB1D51}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{EBE8A00F-3381-4728-87C2-9371E411DE45}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{8441FB0E-715A-45CD-B1FF-E4D471C7CB6A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{31CE2FF0-372F-4506-9399-CC6F12C0E861}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9C8479B8-2ACD-4E7A-B45E-E0B3F63ECB98}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2A3CC8E3-4C51-48EA-8ACA-CAEE5656A382}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{EB1DFA88-5D5E-4042-BDA0-79CF7E4D5895}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2EC1B0E7-782C-437A-BC0A-9F8FA2BA0B49}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F7EB2EFA-AC3C-4E46-9994-319150A6084D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E9825D7F-A491-44C0-A079-F1D445B62525}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{45F20B90-3D8C-42E6-90A5-917C5F794F4D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{5C32700C-86DC-49D9-ADEC-46A7B27D5F7E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{AF0546E3-C12F-483B-9B13-4E9F497A26DF}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 11120]
S3 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-08-31 69120]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 V0220Dev;Live! Cam Video IM;C:\Windows\system32\DRIVERS\V0220Dev.sys [2006-06-29 146112]
S3 V0220Vfx;V0220VFX;C:\Windows\system32\DRIVERS\V0220Vfx.sys [2006-06-08 6272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1fe03ed-8f6d-11dc-9687-001d60b1e6f7}]
\shell\AutoRun\command - G:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PAVBOOT
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\marie\AppData\Roaming\Mozilla\Firefox\Profiles\yxu6bw20.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 14:49:38
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-07 14:51:48
ComboFix-quarantined-files.txt 2008-09-07 12:51:29

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 21,804,298,240 octets libres

191 --- E O F --- 2008-09-05 18:42:16
mimille1978, Sunday 7 September 2008 at 18:49:08
Here is what Everest tells me...

--------[ EVEREST Home Edition (c) 2003-2005 Lavalys, Inc. ]------------------------------------------------------------

Version EVEREST v2.20.405/fr
Site web http://www.lavalys.com/
Type de rapport Rapport rapide
Ordinateur PC-DE-MARIE
Générateur marie
Système d'exploitation Microsoft Windows Vista Home Edition 6.0.6000 (WinVista Beta)
Date 2008-09-07
Heure 18:41


--------[ Résumé ]------------------------------------------------------------------------------------------------------

Ordinateur:
Système d'exploitation Microsoft Windows Vista Home Edition
Service Pack du système -
DirectX 4.09.00.0904 (DirectX 9.0c)
Nom du système PC-DE-MARIE
Nom de l'utilisateur marie

Carte mère:
Type de processeur Mobile DualCore Intel Celeron M, 1866 MHz (6 x 311)
Nom de la carte mère Inconnu
Chipset de la carte mère Inconnu
Mémoire système 1920 Mo
Type de BIOS AMI (07/31/07)

Moniteur:
Carte vidéo ATI RADEON XPRESS 1100 (128 Mo)
Carte vidéo ATI RADEON XPRESS 1100 (128 Mo)
Accélérateur 3D ATI Radeon Xpress 200M (RC410M)
Moniteur Moniteur Plug-and-Play générique

Multimédia:
Carte audio Speakers (Realtek High Definiti

Stockage:
Contrôleur IDE Contrôleur IDE standard double canal PCI
Contrôleur IDE Contrôleur IDE standard double canal PCI
Contrôleur IDE Ricoh Memory Stick Controller
Contrôleur SCSI/RAID Initiateur Microsoft iSCSI
Disque dur ST9160821AS ATA Device (149 Go, IDE)
Disque dur clvrstuf USB Flash Drive USB Device (972 Mo, USB)
Lecteur optique clvrstuf USB Flash Drive USB Device
Lecteur optique HL-DT-ST DVDRAM GSA-T20N ATA Device
État des disques durs SMART OK

Partitions:
C: (NTFS) 76312 Mo (21748 Mo libre)
D: (NTFS) 69311 Mo (49866 Mo libre)
Taille totale 142.2 Go (69.9 Go libre)

Entrée:
Clavier Clavier standard PS/2
Souris Synaptics PS/2 Port TouchPad

Réseau:
Carte réseau Atheros AR5007EG Wireless Network Adapter (192.168.1.233)
Carte réseau Realtek RTL8139/810x Family Fast Ethernet NIC
Modem Motorola SM56 Data Fax Modem

Périphériques:
Imprimante EPSON Stylus DX4000 Series
Imprimante Microsoft XPS Document Writer
Périphérique USB Périphérique de stockage de masse USB
Batterie Adaptateur secteur Microsoft
Batterie Batterie à méthode de contrôle compatible ACPI Microsoft


--------[ Debug - PCI ]-------------------------------------------------------------------------------------------------