evans
Everything posted by evans
Hello everyone, It has been several months since I got rid of a virus, but since then my computer has had some slowdown problems. At startup, Windows freezes for 5 minutes before booting. Did I really get rid of this virus? Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:54:54, on 27/02/2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe E:\Ad-Aware\aawservice.exe E:\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Audio Deck\EnMixCPL.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\RUNDLL32.EXE E:\Avast5\avastUI.exe C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe C:\Documents and Settings\Louis\Local Settings\Apps\F.lux\flux.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe F:\downloads\tools\antivir\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 190.210.56.155 tailworlds.com O1 - Hosts: 190.210.56.155 http://www.tailworlds.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\acrobat reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1 O4 - HKLM\..\Run: [QuickTime Task] "E:\Quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [iSUSPM Startup] 
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [avast5] "E:\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Louis\Local Settings\Apps\F.lux\flux.exe" /noshow O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [EA Core] "E:\EADM\Core.exe" -silent O4 - HKCU\..\Run: [EADM] "E:\EADM\EADMUI\EADMUI.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Louis\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 
- {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} (EAFO3AXLauncher Control) - http://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - 
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Ad-Aware\aawservice.exe O23 - Service: avast! Antivirus - AVAST Software - E:\Avast5\AvastSvc.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. 
- c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 10824 bytes
Thank you for your help.
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
I have just finished the scan (about 1h15). No virus detected; should I consider my computer rid of this virus? Windows still takes just as long to boot.
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
I have to leave and will not be back until 27 or 28 June. So I will do this scan in 2 weeks and post the result. Thank you very much for your help.
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
I do not have full rights on the machine and I cannot uninstall Avast to replace it with Antivir. Otherwise, am I rid of the virus?
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
Nothing was detected and I did not have to restart my PC. MBAM report:
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4192 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 13/06/2010 15:20:33 mbam-log-2010-06-13 (15-20-33).txt Type d'examen: Examen complet (C:\|D:\|E:\|F:\|) Elément(s) analysé(s): 220471 Temps écoulé: 49 minute(s), 30 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:27:02, on 13/06/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe E:\Ad-Aware\aawservice.exe E:\Avast\aswUpdSv.exe E:\Avast\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Audio Deck\EnMixCPL.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe E:\Avast\ashDisp.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Documents and Settings\Louis\Local 
Settings\Apps\F.lux\flux.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe E:\Hamachi\hamachi-2.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe E:\Avast\ashMaiSv.exe E:\Avast\ashWebSv.exe C:\WINDOWS\System32\svchost.exe E:\FREEDO~1\fdm.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe F:\tools\antivir\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 190.210.56.155 tailworlds.com O1 - Hosts: 190.210.56.155 http://www.tailworlds.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\acrobat reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1 O4 - HKLM\..\Run: [QuickTime Task] "E:\Quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] 
E:\Avast\ashDisp.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Louis\Local Settings\Apps\F.lux\flux.exe" /noshow O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\acrobat reader\Reader\reader_sl.exe O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la 
vidéo avec Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Louis\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} (EAFO3AXLauncher Control) - http://fifa-online.easports.com/fo3-theme/...3AXLauncher.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_1_0.cab O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - 
http://panda-plugin.disney.go.com/plugin/w.../p3dactivex.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3A7B2F48-3860-4E50-9A09-91F8C517789F}: NameServer = 212.27.54.252,212.27.53.252 O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Avast\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Avast\ashWebSv.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. 
- E:\Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 10760 bytes -
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
Here is the report:
13:32:18:203 1348 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
13:32:18:203 1348 ================================================================================
13:32:18:203 1348 SystemInfo:
13:32:18:203 1348 OS Version: 5.1.2600 ServicePack: 2.0
13:32:18:203 1348 Product type: Workstation
13:32:18:203 1348 ComputerName: SN25P
13:32:18:203 1348 UserName: Louis
13:32:18:203 1348 Windows directory: C:\WINDOWS
13:32:18:203 1348 Processor architecture: Intel x86
13:32:18:203 1348 Number of processors: 2
13:32:18:203 1348 Page size: 0x1000
13:32:18:203 1348 Boot type: Normal boot
13:32:18:203 1348 ================================================================================
13:32:19:468 1348 Initialize success
13:32:19:468 1348
13:32:19:468 1348 Scanning Services ...
13:32:19:906 1348 Raw services enum returned 351 services
13:32:19:906 1348 Suspicious serv ljizd (h: 0, b: 1)
13:32:19:906 1348
13:32:19:906 1348 Hidden service detected!
13:32:19:906 1348 Service name: ljizd
13:32:19:906 1348 Image path:
13:32:19:906 1348 Type "delete" (without quotes) to delete it:
13:32:33:875 1348
13:32:33:875 1348 By user detect ljizd
13:32:33:875 1348 RegNode HKLM\SYSTEM\ControlSet002\services\ljizd infected by TDSS rootkit ...
13:32:33:875 1348 will be deleted on reboot
13:32:33:890 1348 RegNode HKLM\SYSTEM\ControlSet004\services\ljizd infected by TDSS rootkit ...
13:32:33:890 1348 will be deleted on reboot
13:32:33:890 1348 File C:\WINDOWS\system32\drivers\ljizd.sys infected by TDSS rootkit ...
13:32:33:890 1348 will be deleted on reboot
13:32:33:890 1348
13:32:33:890 1348 Scanning Drivers ...
C:\WINDOWS\system32\drivers\ParVdm.sys 13:32:43:203 1348 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys 13:32:43:296 1348 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 13:32:43:343 1348 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys 13:32:43:515 1348 pepifilter (e111fab6c740a1a44e750c2061a23239) C:\WINDOWS\system32\DRIVERS\lv302af.sys 13:32:43:640 1348 PID_08A0 (36eddcefdd036fffa95aa84d1645dd67) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS 13:32:43:718 1348 PnkBstrK (5c20da8a3690bfeb76b5be805890069d) C:\WINDOWS\system32\drivers\PnkBstrK.sys 13:32:43:781 1348 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 13:32:43:812 1348 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys 13:32:43:859 1348 project (d2a3683f5eb91fb9c38ccc8a4c7bc273) C:\WINDOWS\system32\Drivers\register.sys 13:32:43:890 1348 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 13:32:43:937 1348 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 13:32:44:015 1348 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 13:32:44:171 1348 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 13:32:44:203 1348 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 13:32:44:234 1348 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 13:32:44:312 1348 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 13:32:44:375 1348 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 13:32:44:406 1348 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 13:32:44:453 1348 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 13:32:44:546 1348 RDPWD 
(b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 13:32:44:656 1348 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys 13:32:44:734 1348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 13:32:44:781 1348 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 13:32:44:828 1348 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys 13:32:44:906 1348 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys 13:32:44:953 1348 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys 13:32:44:968 1348 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 13:32:45:015 1348 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys 13:32:45:078 1348 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\WINDOWS\system32\drivers\sfsync04.sys 13:32:45:156 1348 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys 13:32:45:296 1348 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 13:32:45:437 1348 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 13:32:45:546 1348 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys 13:32:45:546 1348 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. 
md5: 71e276f6d189413266ea22171806597b 13:32:45:562 1348 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys 13:32:45:687 1348 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 13:32:45:765 1348 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 13:32:45:828 1348 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 13:32:45:890 1348 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 13:32:46:078 1348 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 13:32:46:156 1348 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 13:32:46:218 1348 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 13:32:46:312 1348 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 13:32:46:359 1348 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 13:32:46:437 1348 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 13:32:46:500 1348 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 13:32:46:578 1348 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys 13:32:46:687 1348 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 13:32:46:796 1348 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 13:32:46:875 1348 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 13:32:46:921 1348 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 13:32:46:968 1348 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 13:32:47:046 1348 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 13:32:47:109 1348 VgaSave (8a60edd72b4ea5aea8202daf0e427925) 
C:\WINDOWS\System32\drivers\vga.sys 13:32:47:203 1348 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys 13:32:47:265 1348 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:32:47:375 1348 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 13:32:47:546 1348 WINFLASH (01f2026f3c5b9c87cf77a9d233c2d39b) F:\Pilotes et Addons\Winflash\WinFlash.sys 13:32:47:609 1348 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 13:32:47:703 1348 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 13:32:47:781 1348 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 13:32:47:828 1348 Reboot required for cure complete.. 13:32:48:156 1348 Cure on reboot scheduled successfully 13:32:48:156 1348 13:32:48:156 1348 Completed 13:32:48:156 1348 13:32:48:156 1348 Results: 13:32:48:156 1348 Registry objects infected / cured / cured on reboot: 2 / 0 / 2 13:32:48:156 1348 File objects infected / cured / cured on reboot: 1 / 0 / 1 13:32:48:156 1348 13:32:48:171 1348 KLMD(ARK) unloaded successfully -
Possible rootkit infection
evans replied to a topic by evans in Analyses et éradication malwares
Here is the scan result:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-12 22:15:55
Windows 5.1.2600 Service Pack 2
Running: x658v4gm.exe; Driver: C:\DOCUME~1\Louis\LOCALS~1\Temp\ugtdypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3F976B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3F97A52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3F9714C] <-- ROOTKIT !!!
SSDT spwg.sys ZwEnumerateKey [0xF737ACA2] <-- ROOTKIT !!!
SSDT spwg.sys ZwEnumerateValueKey [0xF737B030] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3F9764E] <-- ROOTKIT !!!
SSDT spwg.sys ZwQueryKey [0xF737B108] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3F9776E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3F9772E] <-- ROOTKIT !!!

INT 0x62 ? 871D6BF8
INT 0x63 ? 871D6BF8
INT 0x63 ? 871D6BF8
INT 0x63 ? 871D6BF8
INT 0x73 ? 871D6BF8
INT 0xA4 ? 86F41BF8
INT 0xB4 ? 86F41BF8

---- Kernel code sections - GMER 1.0.15 ----

? spwg.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\ljizd.sys A device attached to the system is not functioning.
.sfrelocÿÿÿÿsfsync04 unknown last section [0xF71EA000, 0xBC6, 0x40000040]
C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF71EA000, 0xBC6, 0x40000040]
.text USBPORT.SYS!DllUnload F6DAE62C 5 Bytes JMP 86F411D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6496360, 0x3D46A5, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xB7EC2300, 0x25D4C, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB7E63300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8600300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[476] ntdll.dll!NtQueryDirectoryFile + 6 7C91D774 4 Bytes [90, 61, 1E, 01]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F735D040] spwg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F735D13C] spwg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F735D0BE] spwg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F735D7FC] spwg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F735D6D2] spwg.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F736D048] spwg.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01412F60] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01412DB0] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01412D70] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01412DC0] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F60] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2DB0] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D70] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\NOTEPAD.EXE[2168] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2DC0] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2F60] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2DB0] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2D70] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2DC0] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Louis\Bureau\x658v4gm.exe[3480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Louis\Bureau\x658v4gm.exe[3480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Louis\Bureau\x658v4gm.exe[3480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Louis\Bureau\x658v4gm.exe[3480] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 87066BD8
Device \FileSystem\Ntfs \Ntfs 871D51F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBPDO-0 86F401F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 871681F8
Device \Driver\dmio \Device\DmControl\DmConfig 871681F8
Device \Driver\dmio \Device\DmControl\DmPnP 871681F8
Device \Driver\dmio \Device\DmControl\DmInfo 871681F8
Device \Driver\usbehci \Device\USBPDO-1 86F451F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{046E51BB-C8B2-4629-8E9D-1BB6318E2BDD} 86DBE500
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 871D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 871D71F8
Device \Driver\Cdrom \Device\CdRom0 86F0C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 871D71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 871D61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort0 871D61F8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort1 871D61F8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort2 871D61F8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort3 871D61F8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort4 871D61F8
Device \Driver\atapi \Device\Ide\IdePort4 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdePort5 871D61F8
Device \Driver\atapi \Device\Ide\IdePort5 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 871D61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\Ftdisk \Device\HarddiskVolume4 871D71F8
Device \Driver\usbstor \Device\00000080 86DEA500
Device \Driver\usbstor \Device\00000080 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\usbstor \Device\00000081 86DEA500
Device \Driver\usbstor \Device\00000081 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\NetBT \Device\NetBt_Wins_Export 86DBE500
Device \Driver\NetBT \Device\NetbiosSmb 86DBE500
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBFDO-0 86F401F8
Device \Driver\usbehci \Device\USBFDO-1 86F451F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86DE8500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86DE8500
Device \Driver\Ftdisk \Device\FtControl 871D71F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3A7B2F48-3860-4E50-9A09-91F8C517789F} 86DBE500
Device \Driver\usbstor \Device\0000007e 86DEA500
Device \Driver\usbstor \Device\0000007e sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \FileSystem\Cdfs \Cdfs 86D9D500

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] ljizd <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0x34 0x8B 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\ljizd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ljizd@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ljizd@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ljizd@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0x34 0x8B 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0x34 0x8B 0x24 ...
Reg HKLM\SYSTEM\ControlSet004\Services\ljizd@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\ljizd@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\ljizd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\ljizd@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0x34 0x8B 0x24 ...

---- EOF - GMER 1.0.15 ----

I get the impression that the state of my system is getting worse, because I had to do a BootFix with the Windows XP CD to get it to start this morning!
-
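The TDSSKiller listing in the earlier post and the GMER report in this one each flag the same service from a different angle: TDSSKiller cannot open ljizd.sys and sptd.sys ("Suspicious file (NoAccess)"), while GMER shows ljizd as a hidden boot-start service whose file it cannot read, plus SSDT hooks from a module (spwg.sys) it cannot find on disk. The script below is an added example, not code from the original post nor from either tool: it parses constructed excerpts of both logs (lines copied from the reports above, GMER's own "[BOOT]" spelling), correlates them by service name, and ranks each service by how many independent signals agree. The function names (parse_tdsskiller, parse_gmer, triage, ssdt_hooks) and the signal wording are this example's own choices.

```python
"""Correlate a TDSSKiller driver listing with a GMER report (added triage example).

A service enters triage when GMER lists it as hidden or TDSSKiller cannot open its
file; boot-start registry values and GMER read errors then add weight. SSDT hooks
are split into those GMER attributes to a vendor and those it cannot.
"""
import re
from collections import defaultdict

# Constructed excerpts, cut down from the two reports quoted in this thread.
TDSSKILLER_LOG = r"""
13:32:40:046 1348 ljizd (b4fc6f7bc77a445ec6c44ce087105285) C:\WINDOWS\system32\drivers\ljizd.sys
13:32:40:046 1348 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\ljizd.sys. md5: b4fc6f7bc77a445ec6c44ce087105285
13:32:45:546 1348 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
13:32:45:546 1348 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
13:32:46:156 1348 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
"""
GMER_LOG = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3F976B8] <-- ROOTKIT !!!
SSDT spwg.sys ZwEnumerateKey [0xF737ACA2] <-- ROOTKIT !!!
SSDT spwg.sys ZwQueryKey [0xF737B108] <-- ROOTKIT !!!
? spwg.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\ljizd.sys A device attached to the system is not functioning.
Service (*** hidden *** ) [BOOT] ljizd <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\ljizd@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ljizd@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
"""

_TDSS_DRIVER = re.compile(r"^\d\d:\d\d:\d\d:\d{3}\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(\S.*?)\s*$")
_TDSS_NOACCESS = re.compile(r"Suspicious file \(NoAccess\):\s+(.+?)\.\s+md5:\s+([0-9a-f]{32})")
_GMER_SSDT = re.compile(r"^SSDT\s+(\S+)\s+(?:\(([^)]*)\)\s+)?(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
_GMER_UNREADABLE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!?\s*$")
_GMER_HIDDEN = re.compile(r"^Service \(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(\S+)")
_GMER_REG = re.compile(r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\([^\\@]+)@(\w+)\s*(.*)$")


def _base(path):
    """Lower-cased file name of a Windows path or bare module name."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_tdsskiller(text):
    """service name -> {md5, path, no_access}; a NoAccess line is joined to its driver by path."""
    drivers, by_path = {}, {}
    for line in text.splitlines():
        if m := _TDSS_DRIVER.match(line):
            name, md5, path = m.groups()
            drivers[name] = {"md5": md5, "path": path, "no_access": False}
            by_path[path.lower()] = name
        elif (m := _TDSS_NOACCESS.search(line)) and m.group(1).lower() in by_path:
            drivers[by_path[m.group(1).lower()]]["no_access"] = True
    return drivers


def parse_gmer(text):
    """SSDT hooks, modules GMER could not read, hidden services and their registry values."""
    rep = {"ssdt": [], "unreadable": {}, "hidden": {}, "registry": defaultdict(dict)}
    for line in text.splitlines():
        if m := _GMER_SSDT.match(line):
            module, vendor, func, addr = m.groups()
            rep["ssdt"].append((_base(module), vendor, func, int(addr, 16)))
        elif m := _GMER_HIDDEN.match(line):
            rep["hidden"][m.group(2)] = m.group(1)  # name -> start type GMER printed
        elif m := _GMER_REG.match(line):
            svc, value, data = m.groups()
            rep["registry"][svc][value] = data.strip()
        elif m := _GMER_UNREADABLE.match(line):
            rep["unreadable"][_base(m.group(1))] = m.group(2)
    return rep


def triage(drivers, gmer):
    """{service: [signals]} for services GMER hides or TDSSKiller cannot read, strongest first."""
    seeds = set(gmer["hidden"]) | {n for n, d in drivers.items() if d["no_access"]}
    findings = {}
    for name in seeds:
        signals = []
        if name in gmer["hidden"]:
            signals.append(f"hidden service (GMER, [{gmer['hidden'][name]}])")
        reg = gmer["registry"].get(name, {})
        if reg.get("Start") == "0":
            signals.append("Start=0 (SERVICE_BOOT_START, loaded by the boot loader)")
        if reg.get("Group") == "Boot Bus Extender":
            signals.append("Group=Boot Bus Extender (first group in the load order)")
        if info := drivers.get(name):
            if info["no_access"]:
                signals.append("driver file unreadable (TDSSKiller NoAccess)")
            if msg := gmer["unreadable"].get(_base(info["path"])):
                signals.append(f"GMER could not read the file: {msg}")
        findings[name] = signals
    return dict(sorted(findings.items(), key=lambda kv: -len(kv[1])))


def ssdt_hooks(gmer):
    """Group SSDT hooks by hooking module; unattributed = no vendor string or file GMER cannot find."""
    out = {"attributed": defaultdict(list), "unattributed": defaultdict(list)}
    for module, vendor, func, _addr in gmer["ssdt"]:
        bucket = "attributed" if vendor and module not in gmer["unreadable"] else "unattributed"
        out[bucket][module].append(func)
    return {k: dict(v) for k, v in out.items()}


if __name__ == "__main__":
    drv, rep = parse_tdsskiller(TDSSKILLER_LOG), parse_gmer(GMER_LOG)
    for name, signals in triage(drv, rep).items():
        print(f"{name}: {len(signals)} signal(s)")
        for s in signals:
            print("   -", s)
    print("SSDT hooks by unattributed module:", ssdt_hooks(rep)["unattributed"])
```

On the excerpt, ljizd collects five agreeing signals and sptd only one. That matches what a responder has to keep in mind with these tools: sptd.sys (the SPTD disc-emulation layer shipped with Daemon Tools and Alcohol) and the StarForce sfsync drivers routinely refuse file access and hook the SSDT and atapi's port I/O, so NoAccess or a hook on its own is weak evidence. What separates ljizd is the combination of a hidden boot-start service in the earliest load group with a backing file neither tool can read.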
Possible rootkit infection
evans replied to a topic by evans in Analyses et éradication malwares
I'm back home until tomorrow, so in case anyone passes by, here is the scan result:

File fdm.exe received on 2010.06.12 15:40:13 (UTC)

Antivirus  Version  Last update  Result
a-squared 5.0.0.26 2010.06.12 -
AhnLab-V3 2010.06.13.00 2010.06.12 -
AntiVir 8.2.2.6 2010.06.11 -
Antiy-AVL 2.0.3.7 2010.06.11 -
Authentium 5.2.0.5 2010.06.12 -
Avast 4.8.1351.0 2010.06.12 -
Avast5 5.0.332.0 2010.06.12 -
AVG 9.0.0.787 2010.06.11 -
BitDefender 7.2 2010.06.12 -
CAT-QuickHeal 10.00 2010.06.12 -
ClamAV 0.96.0.3-git 2010.06.12 -
Comodo 5074 2010.06.12 -
DrWeb 5.0.2.03300 2010.06.12 -
eSafe 7.0.17.0 2010.06.10 -
eTrust-Vet 36.1.7629 2010.06.11 -
F-Prot 4.6.0.103 2010.06.12 -
F-Secure 9.0.15370.0 2010.06.12 -
Fortinet 4.1.133.0 2010.06.12 -
GData 21 2010.06.12 -
Ikarus T3.1.1.84.0 2010.06.12 -
Jiangmin 13.0.900 2010.06.12 -
Kaspersky 7.0.0.125 2010.06.12 -
McAfee 5.400.0.1158 2010.06.12 -
McAfee-GW-Edition 2010.1 2010.06.11 -
Microsoft 1.5802 2010.06.12 -
NOD32 5192 2010.06.12 -
Norman 6.04.12 2010.06.12 -
nProtect 2010-06-12.01 2010.06.12 -
Panda 10.0.2.7 2010.06.12 -
PCTools 7.0.3.5 2010.06.12 -
Rising 22.51.05.02 2010.06.12 -
Sophos 4.54.0 2010.06.12 -
Sunbelt 6440 2010.06.12 -
Symantec 20101.1.0.89 2010.06.12 -
TheHacker 6.5.2.0.298 2010.06.12 -
TrendMicro 9.120.0.1004 2010.06.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.12 -
VBA32 3.12.12.5 2010.06.11 -
ViRobot 2010.6.12.3882 2010.06.12 -
VirusBuster 5.0.27.0 2010.06.11 -

Additional information
File size: 3399727 bytes
MD5...: a30adae01bf287974ec1c5b55349eaec
SHA1..: 0e8ac4b14f5b48a2eaeb130fd25d0c9c613ecf2c
SHA256: 32193070540a23e1c79fb4d7a87475f2d1001470782d63d12eb6838f81933797
ssdeep: 98304:9QdBuenaCvs6a329wpVNBDZSa333333313333333q3333333K4:qdkebvaG9wpVNLt333333313333333qf
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1c3862
timedatestamp.....: 0x495e12d0 (Fri Jan 02 13:12:48 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1ec8aa 0x1ed000 6.52 e9cfb5b44370efc22b040e4647eae84c
.rdata 0x1ee000 0x642a2 0x65000 5.05 cb414e2da1bfae3c511028db77e56ff9
.data 0x253000 0x33f10 0x1d000 5.56 f73d936e71ae1edbd167a72e581dfb7a
.rsrc 0x287000 0xcd660 0xce000 5.97 3ad9090e3835b61e9c1301ad8779ecfc

( 16 imports )
> WININET.dll: InternetFindNextFileA, InternetAutodial, FtpSetCurrentDirectoryA, InternetConnectA, FtpCommandA, FtpFindFirstFileA, InternetGetLastResponseInfoA, HttpEndRequestA, HttpSendRequestExA, InternetWriteFile, InternetQueryOptionA, InternetSetOptionA, InternetGetConnectedState, InternetCrackUrlA, InternetCanonicalizeUrlA, InternetCreateUrlA, InternetGetCookieA, InternetOpenA, InternetCloseHandle, InternetReadFile, HttpQueryInfoA, HttpSendRequestA, HttpOpenRequestA
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> WINMM.dll: PlaySoundA
> VERSION.dll: GetFileVersionInfoSizeA, VerQueryValueA, GetFileVersionInfoA
> iphlpapi.dll: GetAdaptersInfo
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: time, _iob, fwrite, calloc, fopen, fread, fclose, mbtowc, strcmp, memcpy, strncat, strcat, strlen, strcpy, memset, _atoi64, strpbrk, atof, wcsncmp, isalpha, _itoa, memmove, _except_handler3, wcslen, wcschr, wcsncpy, wcscmp, isdigit, sscanf, _strnicmp, _CIpow, strtoul, realloc, strncmp, _i64toa, strncpy, sprintf, atoi, _memicmp, _mbsicoll, _purecall, _mbsicmp, strrchr, strcspn, strstr, malloc, free, _ftol, _mbscmp, _CxxThrowException, __0exception@@QAE@ABQBD@Z, __1exception@@UAE@XZ, __0exception@@QAE@ABV0@@Z, __CxxFrameHandler, _stat, _fileno, _read, _close, _open, _setmbcp, _getch, _strdup, _strlwr, _strcmpi, _stricmp, toupper, tolower, _pctype, __mb_cur_max, _isctype, fseek, memchr, fgets, fputs, fflush, strtol, fputc, _errno, _beginthreadex, _lseeki64, gmtime, _fstati64, getenv, strerror, _sys_nerr, _stati64, rand, srand, qsort, abort, wcsstr, _vsnprintf, vfprintf, _setmode, ftell, fprintf, signal, __dllonexit, _onexit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, strchr, _controlfp
> KERNEL32.dll: GetTempFileNameA, GetStartupInfoA, FlushConsoleInputBuffer, QueryPerformanceCounter, GlobalMemoryStatus, ExpandEnvironmentStringsA, GetFileType, CreateDirectoryA, CopyFileA, CreateFileA, WriteFile, MulDiv, lstrcmpA, lstrcmpiA, GetTempPathA, CreateThread, CloseHandle, Sleep, lstrlenA, lstrcpyA, lstrcatA, GetLocalTime, SystemTimeToFileTime, LoadLibraryA, GetProcAddress, FreeLibrary, GetFileAttributesA, DeleteFileA, InterlockedIncrement, InterlockedDecrement, GetFileTime, GetFileSize, FileTimeToSystemTime, MultiByteToWideChar, SetEndOfFile, ReadFile, SetFilePointer, GetLastError, GetVersion, SetLastError, WaitForSingleObject, SetFileAttributesA, WideCharToMultiByte, CompareFileTime, CreateEventA, SetEvent, ResetEvent, WaitForMultipleObjects, SetThreadPriority, GetCurrentThread, SetThreadExecutionState, LocalFree, FormatMessageA, CreateMutexA, GetVersionExA, MoveFileA, GetModuleFileNameA, SetCurrentDirectoryA, SetUnhandledExceptionFilter, HeapDestroy, DeleteCriticalSection, GetCurrentThreadId, InitializeCriticalSection, GetCommandLineA, GetCurrentProcess, GetCurrentProcessId, lstrlenW, GetShortPathNameA, GetModuleHandleA, TerminateProcess, OpenProcess, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, lstrcpynA, IsDBCSLeadByte, LeaveCriticalSection, EnterCriticalSection, GlobalFree, GlobalUnlock, GlobalLock, GetExitCodeThread, DuplicateHandle, GlobalAlloc, SetFileTime, FlushFileBuffers, CreateProcessA, TerminateThread, FindClose, FindNextFileA, FindFirstFileA, LockResource, ReleaseMutex, GetTickCount, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetExitCodeProcess, GetWindowsDirectoryA, GetDateFormatA, CreateDirectoryW, CompareStringA, ExitProcess, WritePrivateProfileSectionA, MoveFileExA, GetStdHandle, AreFileApisANSI, CreateFileW, RemoveDirectoryA, DosDateTimeToFileTime, GetTimeZoneInformation, MoveFileW, GetFileAttributesW, DeleteFileW, RemoveDirectoryW, FindNextFileW, FindFirstFileW, SetFileAttributesW, GetLogicalDrives, GetPrivateProfileIntA, GetPrivateProfileStringA, GetCurrentDirectoryA, CreateSemaphoreA, ReleaseSemaphore, GetSystemInfo, VirtualAlloc, VirtualFree, SleepEx, PeekNamedPipe, GetTimeFormatA
> USER32.dll: CreatePopupMenu, DrawTextA, GetMenu, DefWindowProcA, DrawMenuBar, SetMenu, CharLowerA, MoveWindow, AttachThreadInput, GetWindowThreadProcessId, GetForegroundWindow, GetClassNameA, SetClassLongA, CreateWindowExA, RegisterClassA, EndPaint, BeginPaint, SetCapture, ReleaseCapture, DrawIconEx, SetWindowRgn, GetIconInfo, SetCursor, GetUserObjectInformationW, GetProcessWindowStation, GetMenuItemID, GetMenuStringA, GetMenuItemCount, GetMenuState, GetMenuDefaultItem, ExitWindowsEx, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, SetClipboardViewer, ChangeClipboardChain, GetWindowDC, DrawIcon, wsprintfA, FindWindowA, IsIconic, GetWindowPlacement, SetFocus, RegisterWindowMessageA, CharNextA, SetForegroundWindow, LoadImageA, PeekMessageA, DispatchMessageA, BringWindowToTop, UpdateWindow, TranslateAcceleratorA, SetMenuDefaultItem, ShowWindow, GetKeyState, EnableMenuItem, ModifyMenuA, LoadMenuA, GetSubMenu, GetCursorPos, SystemParametersInfoA, SetWindowLongA, SetWindowTextA, MessageBoxA, KillTimer, SetTimer, GetDesktopWindow, SetWindowPos, IsWindowVisible, ClientToScreen, ScreenToClient, GetWindowLongA, DestroyMenu, CreateMenu, AppendMenuA, RemoveMenu, InsertMenuA, DrawStateA, DestroyIcon, TranslateMessage, GetMenuItemInfoA, GetScrollPos, RedrawWindow, CopyRect, IsRectEmpty, DrawEdge, DrawFocusRect, InflateRect, GetSysColor, SetRect, FillRect, GetDC, ReleaseDC, IsWindow, GetParent, InvalidateRect, LoadCursorA, PostMessageA, GetClientRect, GetSystemMetrics, EnableWindow, GetWindowRect, PtInRect, LoadIconA, SendMessageA, CheckMenuItem
> GDI32.dll: BitBlt, GetDeviceCaps, CreateRoundRectRgn, CreatePolygonRgn, CreateRectRgn, CombineRgn, FillRgn, FrameRgn, SetROP2, DeleteDC, CreateDCA, MoveToEx, LineTo, DeleteObject, GetBitmapBits, SetDIBits, CreatePen, SetPixel, Rectangle, CreateFontA, GetObjectA, CreateFontIndirectA, SelectObject, CreateSolidBrush, GetStockObject, GetTextExtentPoint32A, CreateCompatibleDC, CreateCompatibleBitmap
> ADVAPI32.dll: LookupPrivilegeValueA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA, RegDeleteKeyA, RegEnumKeyExA, RegDeleteValueA, RegisterEventSourceA, ReportEventA, DeregisterEventSource, RegCreateKeyA, OpenProcessToken, RegCloseKey, AdjustTokenPrivileges, RegEnumKeyA, RegOpenKeyA, RegEnumValueA, RegQueryInfoKeyA
> SHELL32.dll: SHBrowseForFolderA, Shell_NotifyIconA, DragQueryFileA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, ShellExecuteA, SHGetDesktopFolder
> COMCTL32.dll: ImageList_GetIcon, ImageList_ReplaceIcon, ImageList_Draw, ImageList_GetImageInfo, ImageList_GetImageCount, ImageList_AddMasked
> ole32.dll: OleRun, CoCreateInstance, CoRegisterClassObject, OleInitialize, CoInitialize, CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, PropVariantClear, CoFreeUnusedLibraries, CoRevokeClassObject, CoUninitialize, CLSIDFromString
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
> MSVCP60.dll: __C@_1___Nullstr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@CAPBGXZ@4GB, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IG@Z, _npos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@2IB, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, __Xran@std@@YAXXZ, __Split@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __Copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __Xlen@std@@YAXXZ, __Tidy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEX_N@Z, __Copy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXI@Z, __1_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, __Freeze@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __Freeze@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXXZ, __0logic_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, __0out_of_range@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, ___7logic_error@std@@6B@, ___7out_of_range@std@@6B@, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __1logic_error@std@@UAE@XZ, __1out_of_range@std@@UAE@XZ, __0out_of_range@std@@QAE@ABV01@@Z, __0logic_error@std@@QAE@ABV01@@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, __Eos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXI@Z, __Grow@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAE_NI_N@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, _erase@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@II@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _max_size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: FreeDownloadManager.ORG
copyright....: Copyright © 2003-2009
product......: Free Download Manager
description..: Free Download Manager
original name:
internal name:
file version.: 3, 0, 844, 0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
information<BR><BR>( base data )<BR>entrypointaddress.: 0x1c3862<BR>timedatestamp.....: 0x495e12d0 (Fri Jan 02 13:12:48 2009)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x1ec8aa 0x1ed000 6.52 e9cfb5b44370efc22b040e4647eae84c<BR>.rdata 0x1ee000 0x642a2 0x65000 5.05 cb414e2da1bfae3c511028db77e56ff9<BR>.data 0x253000 0x33f10 0x1d000 5.56 f73d936e71ae1edbd167a72e581dfb7a<BR>.rsrc 0x287000 0xcd660 0xce000 5.97 3ad9090e3835b61e9c1301ad8779ecfc<BR><BR>( 16 imports ) <BR>> WININET.dll: InternetFindNextFileA, InternetAutodial, FtpSetCurrentDirectoryA, InternetConnectA, FtpCommandA, FtpFindFirstFileA, InternetGetLastResponseInfoA, HttpEndRequestA, HttpSendRequestExA, InternetWriteFile, InternetQueryOptionA, InternetSetOptionA, InternetGetConnectedState, InternetCrackUrlA, InternetCanonicalizeUrlA, InternetCreateUrlA, InternetGetCookieA, InternetOpenA, InternetCloseHandle, InternetReadFile, HttpQueryInfoA, HttpSendRequestA, HttpOpenRequestA<BR>> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> WINMM.dll: PlaySoundA<BR>> VERSION.dll: GetFileVersionInfoSizeA, VerQueryValueA, GetFileVersionInfoA<BR>> iphlpapi.dll: GetAdaptersInfo<BR>> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, 
-, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -<BR>> MSVCRT.dll: time, _iob, fwrite, calloc, fopen, fread, fclose, mbtowc, strcmp, memcpy, strncat, strcat, strlen, strcpy, memset, _atoi64, strpbrk, atof, wcsncmp, isalpha, _itoa, memmove, _except_handler3, wcslen, wcschr, wcsncpy, wcscmp, isdigit, sscanf, _strnicmp, _CIpow, strtoul, realloc, strncmp, _i64toa, strncpy, sprintf, atoi, _memicmp, _mbsicoll, _purecall, _mbsicmp, strrchr, strcspn, strstr, malloc, free, _ftol, _mbscmp, _CxxThrowException, __0exception@@QAE@ABQBD@Z, __1exception@@UAE@XZ, __0exception@@QAE@ABV0@@Z, __CxxFrameHandler, _stat, _fileno, _read, _close, _open, _setmbcp, _getch, _strdup, _strlwr, _strcmpi, _stricmp, toupper, tolower, _pctype, __mb_cur_max, _isctype, fseek, memchr, fgets, fputs, fflush, strtol, fputc, _errno, _beginthreadex, _lseeki64, gmtime, _fstati64, getenv, strerror, _sys_nerr, _stati64, rand, srand, qsort, abort, wcsstr, _vsnprintf, vfprintf, _setmode, ftell, fprintf, signal, __dllonexit, _onexit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, strchr, _controlfp<BR>> 
KERNEL32.dll: GetTempFileNameA, GetStartupInfoA, FlushConsoleInputBuffer, QueryPerformanceCounter, GlobalMemoryStatus, ExpandEnvironmentStringsA, GetFileType, CreateDirectoryA, CopyFileA, CreateFileA, WriteFile, MulDiv, lstrcmpA, lstrcmpiA, GetTempPathA, CreateThread, CloseHandle, Sleep, lstrlenA, lstrcpyA, lstrcatA, GetLocalTime, SystemTimeToFileTime, LoadLibraryA, GetProcAddress, FreeLibrary, GetFileAttributesA, DeleteFileA, InterlockedIncrement, InterlockedDecrement, GetFileTime, GetFileSize, FileTimeToSystemTime, MultiByteToWideChar, SetEndOfFile, ReadFile, SetFilePointer, GetLastError, GetVersion, SetLastError, WaitForSingleObject, SetFileAttributesA, WideCharToMultiByte, CompareFileTime, CreateEventA, SetEvent, ResetEvent, WaitForMultipleObjects, SetThreadPriority, GetCurrentThread, SetThreadExecutionState, LocalFree, FormatMessageA, CreateMutexA, GetVersionExA, MoveFileA, GetModuleFileNameA, SetCurrentDirectoryA, SetUnhandledExceptionFilter, HeapDestroy, DeleteCriticalSection, GetCurrentThreadId, InitializeCriticalSection, GetCommandLineA, GetCurrentProcess, GetCurrentProcessId, lstrlenW, GetShortPathNameA, GetModuleHandleA, TerminateProcess, OpenProcess, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, lstrcpynA, IsDBCSLeadByte, LeaveCriticalSection, EnterCriticalSection, GlobalFree, GlobalUnlock, GlobalLock, GetExitCodeThread, DuplicateHandle, GlobalAlloc, SetFileTime, FlushFileBuffers, CreateProcessA, TerminateThread, FindClose, FindNextFileA, FindFirstFileA, LockResource, ReleaseMutex, GetTickCount, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, GetExitCodeProcess, GetWindowsDirectoryA, GetDateFormatA, CreateDirectoryW, CompareStringA, ExitProcess, WritePrivateProfileSectionA, MoveFileExA, GetStdHandle, AreFileApisANSI, CreateFileW, RemoveDirectoryA, DosDateTimeToFileTime, GetTimeZoneInformation, MoveFileW, GetFileAttributesW, DeleteFileW, RemoveDirectoryW, FindNextFileW, FindFirstFileW, SetFileAttributesW, GetLogicalDrives, 
GetPrivateProfileIntA, GetPrivateProfileStringA, GetCurrentDirectoryA, CreateSemaphoreA, ReleaseSemaphore, GetSystemInfo, VirtualAlloc, VirtualFree, SleepEx, PeekNamedPipe, GetTimeFormatA<BR>> USER32.dll: CreatePopupMenu, DrawTextA, GetMenu, DefWindowProcA, DrawMenuBar, SetMenu, CharLowerA, MoveWindow, AttachThreadInput, GetWindowThreadProcessId, GetForegroundWindow, GetClassNameA, SetClassLongA, CreateWindowExA, RegisterClassA, EndPaint, BeginPaint, SetCapture, ReleaseCapture, DrawIconEx, SetWindowRgn, GetIconInfo, SetCursor, GetUserObjectInformationW, GetProcessWindowStation, GetMenuItemID, GetMenuStringA, GetMenuItemCount, GetMenuState, GetMenuDefaultItem, ExitWindowsEx, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, SetClipboardViewer, ChangeClipboardChain, GetWindowDC, DrawIcon, wsprintfA, FindWindowA, IsIconic, GetWindowPlacement, SetFocus, RegisterWindowMessageA, CharNextA, SetForegroundWindow, LoadImageA, PeekMessageA, DispatchMessageA, BringWindowToTop, UpdateWindow, TranslateAcceleratorA, SetMenuDefaultItem, ShowWindow, GetKeyState, EnableMenuItem, ModifyMenuA, LoadMenuA, GetSubMenu, GetCursorPos, SystemParametersInfoA, SetWindowLongA, SetWindowTextA, MessageBoxA, KillTimer, SetTimer, GetDesktopWindow, SetWindowPos, IsWindowVisible, ClientToScreen, ScreenToClient, GetWindowLongA, DestroyMenu, CreateMenu, AppendMenuA, RemoveMenu, InsertMenuA, DrawStateA, DestroyIcon, TranslateMessage, GetMenuItemInfoA, GetScrollPos, RedrawWindow, CopyRect, IsRectEmpty, DrawEdge, DrawFocusRect, InflateRect, GetSysColor, SetRect, FillRect, GetDC, ReleaseDC, IsWindow, GetParent, InvalidateRect, LoadCursorA, PostMessageA, GetClientRect, GetSystemMetrics, EnableWindow, GetWindowRect, PtInRect, LoadIconA, SendMessageA, CheckMenuItem<BR>> GDI32.dll: BitBlt, GetDeviceCaps, CreateRoundRectRgn, CreatePolygonRgn, CreateRectRgn, CombineRgn, FillRgn, FrameRgn, SetROP2, DeleteDC, CreateDCA, MoveToEx, LineTo, DeleteObject, GetBitmapBits, SetDIBits, 
CreatePen, SetPixel, Rectangle, CreateFontA, GetObjectA, CreateFontIndirectA, SelectObject, CreateSolidBrush, GetStockObject, GetTextExtentPoint32A, CreateCompatibleDC, CreateCompatibleBitmap<BR>> ADVAPI32.dll: LookupPrivilegeValueA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA, RegDeleteKeyA, RegEnumKeyExA, RegDeleteValueA, RegisterEventSourceA, ReportEventA, DeregisterEventSource, RegCreateKeyA, OpenProcessToken, RegCloseKey, AdjustTokenPrivileges, RegEnumKeyA, RegOpenKeyA, RegEnumValueA, RegQueryInfoKeyA<BR>> SHELL32.dll: SHBrowseForFolderA, Shell_NotifyIconA, DragQueryFileA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, ShellExecuteA, SHGetDesktopFolder<BR>> COMCTL32.dll: ImageList_GetIcon, ImageList_ReplaceIcon, ImageList_Draw, ImageList_GetImageInfo, ImageList_GetImageCount, ImageList_AddMasked<BR>> ole32.dll: OleRun, CoCreateInstance, CoRegisterClassObject, OleInitialize, CoInitialize, CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, PropVariantClear, CoFreeUnusedLibraries, CoRevokeClassObject, CoUninitialize, CLSIDFromString<BR>> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -<BR>> MSVCP60.dll: __C@_1___Nullstr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@CAPBGXZ@4GB, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IG@Z, _npos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@2IB, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, __Xran@std@@YAXXZ, __Split@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __Copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __Xlen@std@@YAXXZ, __Tidy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEX_N@Z, 
__Copy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXI@Z, __1_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, __Freeze@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __Freeze@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXXZ, __0logic_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, __0out_of_range@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, ___7logic_error@std@@6B@, ___7out_of_range@std@@6B@, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __1logic_error@std@@UAE@XZ, __1out_of_range@std@@UAE@XZ, __0out_of_range@std@@QAE@ABV01@@Z, __0logic_error@std@@QAE@ABV01@@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, __Eos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXI@Z, __Grow@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAE_NI_N@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, _erase@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@II@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _max_size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ<BR><BR>( 0 exports ) <BR> 
RDS...: NSRL Reference Data Set<BR>- pdfid.: - trid..: Win32 Executable Generic (68.0%)<BR>Generic Win/DOS Executable (15.9%)<BR>DOS Executable Generic (15.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck:<BR>publisher....: FreeDownloadManager.ORG<BR>copyright....: Copyright © 2003-2009<BR>product......: Free Download Manager<BR>description..: Free Download Manager<BR>original name: <BR>internal name: <BR>file version.: 3, 0, 844, 0<BR>comments.....: <BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> -
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
Thank you very much for your help. Unfortunately, as I said, I will have to wait until I can get back home, because I am at boarding school and I am connecting here from a computer in our school library (CDI) (either the weekend of 11 June or after 26 June). I will do what you told me as soon as I get home, but I don't think the file 'fdm.exe' is a virus, because it is Free Download Manager, which I have been using for more than two and a half years. I will still run that scan anyway. Otherwise, would you have any idea exactly which virus I am a victim of? Thanks again for your help and your patience. -
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
I am going to have to be away until at least 11 June. I will probably not have access to my computer. But please post your replies anyway, so that I can apply them as soon as possible. Thanks in advance for your help. -
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
Anyone, please? Edit: my computer is taking longer and longer to start up, and since today I have been having problems with Internet Explorer. What should I do? -
possible rootkit infection
evans replied to a topic by evans in Malware analysis and removal
Here is the report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:26, on 15/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Ad-Aware\aawservice.exe
E:\Avast\aswUpdSv.exe
E:\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Audio Deck\EnMixCPL.exe
E:\Avast\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Louis\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
E:\Hamachi\hamachi-2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\ashMaiSv.exe
E:\Avast\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
E:\Steam\Steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
E:\FREEDO~1\fdm.exe
C:\WINDOWS\system32\msiexec.exe
F:\tools\antivir\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 190.210.56.155 tailworlds.com
O1 - Hosts: 190.210.56.155 http://www.tailworlds.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\acrobat reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "E:\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "E:\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Louis\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: wwwzuc32.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\acrobat reader\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://E:\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Louis\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} (EAFO3AXLauncher Control) - http://fifa-online.easports.com/fo3-theme/...3AXLauncher.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_1_0.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/w.../p3dactivex.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A7B2F48-3860-4E50-9A09-91F8C517789F}: NameServer = 212.27.54.252,212.27.53.252
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Avast\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 11043 bytes
-
Hello everyone, apparently my machine has been infected by a rootkit. I have a small icon that looks like a flashing beacon with some letters in my toolbar. Avast has detected several rootkits. So I used Spybot, Ad-Aware and AVG Anti-Rootkit, but without success. Other symptoms:
- very slow Windows start-up (2 to 3 minutes)
- e-mails sent to unknown addresses
As a beginner with computers, I really need your help. Thanks in advance.
