
tia55

Everything posted by tia55

  1. Well, this was the first time I had asked for help on a forum and I didn't know that I couldn't ask on several forums at the same time. I'll point out that I let kmisol know as soon as the problem was fixed, and don't worry, I know how to apologize on my own when I've made a blunder... In no way was it out of disrespect... So stay calm, okay?
  2. YES!!! It worked! GMER doesn't find anything anymore. You're a real boss, thank you so much, you got me out of a real mess! Thanks again and all the best! Ciao!
  3. Should I change the "User select action" from Skip to Delete?
  4. Hi, I ran the first one, it didn't find anything. I then ran the second one; the report is below.
  5. I ran GMER again and it still finds the rootkit:

     GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
     Rootkit quick scan 2010-09-26 14:55:01
     Windows 6.0.6002 Service Pack 2
     Running: m4pgi6vn.exe; Driver: C:\Users\Kurgan\AppData\Local\Temp\fwliakog.sys

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs 866C81D0
     AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
     AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

     ---- Services - GMER 1.0.15 ----

     Service (*** hidden *** ) [bOOT] xrstksy <-- ROOTKIT !!!

     ---- EOF - GMER 1.0.15 ----

     I still can't delete it by right-clicking. What do I do now?
  6. Hello, I followed your instructions, here is the ComboFix report:
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-28 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-13 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-13 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-13 133656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-31 148888] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - c:\program 
files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] c:\users\Kurgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-21 133104] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6096.tmp [x] R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 aswSP;aswSP; [x] S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-29 108289] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - XRSTKSY *Deregistered* - xrstksy [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ 
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contenu du dossier 'Tâches planifiées' 2010-09-25 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-28 15:56] 2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-21 15:56] 2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-21 15:56] 2010-09-25 c:\windows\Tasks\User_Feed_Synchronization-{B21C6BAA-1577-4BDF-8A25-DCCA89B8B771}.job - c:\windows\system32\msfeedssync.exe [2010-08-27 04:24] . . ------- Examen supplémentaire ------- . IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-25 22:32 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\6096.tmp" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xrstksy] . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\WLANExt.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conime.exe c:\windows\system32\igfxsrvc.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\HidFind.exe c:\program files\DellTPad\Apntex.exe . ************************************************************************** . Heure de fin: 2010-09-25 22:41:26 - La machine a redémarré ComboFix-quarantined-files.txt 2010-09-25 20:41 ComboFix2.txt 2010-09-25 18:44 Avant-CF: 161 321 963 520 octets libres Après-CF: 161 074 176 000 octets libres Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6 - - End Of File - - 7BA9703197CFDBAD7406E0D16E2EA10A T'en penses quoi ? Merci par avance et à + !
  7. Here is the ComboFix report: can you get any further with this?
  8. Hi, let's make peace, okay? Yes, I trusted you and tried "delete service", but I get an error message: file"" couldn't be deleted, error 0x00000007B !: syntaxe du nom de fichier, de répertoire ou du volume incorrecte. What do I do now? If you have another idea, I'm all ears. Thanks in advance!
  9. Well, you seem a bit touchy... Sorry to have offended you, but I don't know much about this and just wanted to be sure... I appreciate your help, but stay cool, okay?
  10. Are you sure I can delete the red line in Gmer? It won't crash my system?
  11. And here is the Malwarebytes report:
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Version de la base de données: 4684
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18943
      25/09/2010 13:21:00
      mbam-log-2010-09-25 (13-21-00).txt
      Type d'examen: Examen rapide
      Elément(s) analysé(s): 146117
      Temps écoulé: 5 minute(s), 36 seconde(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1
      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)
      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)
      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)
      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)
      Fichier(s) infecté(s):
      C:\Windows\system32\Drivers\xrstksy.sys (Rootkit.Agent) -> No action taken.
  12. Hello, here is the GMER report; I'll also redo one with Malwarebytes.
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[548] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C02CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Windows\system32\services.exe[576] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00060002 IAT C:\Windows\system32\services.exe[576] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00060000 IAT C:\Program Files\Windows Sidebar\sidebar.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000C2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Windows Sidebar\sidebar.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000C2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Windows Sidebar\sidebar.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000C2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\Program Files\Windows Sidebar\sidebar.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000C2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) 
IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation] 01A6B6E9 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 5409E800 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW] 68500000 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx] 0F6DEAD8 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 00113EE8 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW] F8BD8D00 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] E81394A3 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange] 00000C58 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 59756668 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 04C76661 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA] 838FFE24 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 66F9FFC6 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount] 0CE1BA0F IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 85C330F5 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 12CEE9FE IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 60F90000 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe 
[KERNEL32.dll!TerminateProcess] F902ED83 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 000634E9 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 24648D00 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8F8E0F28 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess] 9C00005E IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] 2474FF60 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 042444C6 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 8D9C9C92 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree] 000053DA IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 005BE7E9 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree] 514EE900 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle] 35E90000 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 9C0001AD IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 892434FF IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 6604247C IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 0C89CF0F IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep] A0B98D24 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 
F7B8C753 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx] 24BC8DD7 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] BA86FAAB IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError] BA0F669C IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx] 879C0AFF IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 0F66F8B6 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 01F7BA0F IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode] 5F73E52C IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_adjust_fdiv] CFD3E1F2 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr] FF896652 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit] 35FF6056 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm] [004011C5] C:\Windows\System32\svchost.exe (Processus hôte pour les services Windows/Microsoft Corporation) IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit] 1C24448F IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode] 005638E9 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit] F6F5F800 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy] C4F766D2 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memset] ED831B48 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type] FCEC8302 IAT 
C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] 54A0800F IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common] D0200000 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp] 04C69C60 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit] 81E85024 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs] 9C00000D IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter] 2824448F IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 00458F2C IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 2489669C IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 648D5124 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 37E93824 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] E8000053 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0000510A IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] C450E9D5 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegDisablePredefinedCacheEx] 74FF0001 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 5318E934 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 8B660000 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe 
[ADVAPI32.dll!RegCloseKey] 56B1E900 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 7E270000 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] C421E9B1 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] C3300001 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 16F4E900 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 33E90000 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid] 9C000056 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] E9986054 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 00000FD4 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 24048954 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 24648D60 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 578F0F20 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical] 60000010 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 1C247C89 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection] 59E96056 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 000002A7 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 66CE0F9C IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe 
[RPCRT4.dll!RpcMgmtWaitServerListen] 66CCA30F IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] D6F7C5D3 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 00090AE8 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 242C8700 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] EAB60F66 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 4AE8F960 IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] D0000014 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 86AEDB08 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\BTHUSB \Device\00000071 bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000071 bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000073 bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000073 bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation) ---- Services - GMER 1.0.15 ---- Service (*** hidden *** ) [bOOT] xrstksy <-- ROOTKIT !!! 
---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2da5cdb Reg HKLM\SYSTEM\CurrentControlSet\Services\xrstksy@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\xrstksy@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\xrstksy@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\xrstksy@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet002\Services\xrstksy@Type 1 Reg HKLM\SYSTEM\ControlSet002\Services\xrstksy@Start 0 Reg HKLM\SYSTEM\ControlSet002\Services\xrstksy@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet002\Services\xrstksy@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet003\Services\xrstksy@Type 1 Reg HKLM\SYSTEM\ControlSet003\Services\xrstksy@Start 0 Reg HKLM\SYSTEM\ControlSet003\Services\xrstksy@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet003\Services\xrstksy@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe2da5cdb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\xrstksy@Type 1 Reg HKLM\SYSTEM\ControlSet004\Services\xrstksy@Start 0 Reg HKLM\SYSTEM\ControlSet004\Services\xrstksy@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet004\Services\xrstksy@Group Boot Bus Extender ---- EOF - GMER 1.0.15 ----
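Reading a GMER report like the one above by hand is slow because the benign hooks (the Messenger Plus! and Logitech injection DLLs, the avast! TDI filter) bury the two lines that matter: the hidden boot-start service xrstksy and the svchost.exe[4476] import table whose slots GMER could not map to any loaded module (the same process it marks "image checksum mismatch; number of sections mismatch"). The following Python script is an added example, not GMER's code and not part of the helper's procedure in this thread. It parses the four record kinds seen in the report (.text inline hooks, IAT entries, hidden services, Reg lines), groups user-mode hooks by the DLL that owns them, lists IAT slots with no resolved module, and joins hidden services to their Services\ registry values so a Start 0 (boot-start) entry stands out. The sample lines inside the script were typed by hand in the report's format for this example; treating an unresolved IAT slot as suspicious is a triage heuristic here, not a verdict.

```python
"""Triage helper for GMER 1.0.15 text reports (added example, not GMER code)."""
import re
from collections import Counter, defaultdict

# Constructed sample in the GMER 1.0.15 report format. The lines were typed by
# hand for this example and only mirror the kinds of entries in the report.
SAMPLE_REPORT = r"""
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[548] WS2_32.dll!send 7666659B 5 Bytes JMP 2800B1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[548] WS2_32.dll!recv 7666343A 5 Bytes JMP 2800AE00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Windows Sidebar\sidebar.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000C2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW] 68500000
IAT C:\Windows\System32\svchost.exe[4476] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW] F8BD8D00
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] xrstksy <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\xrstksy@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\xrstksy@Group Boot Bus Extender
---- EOF - GMER 1.0.15 ----
"""

HEX = r"[0-9A-Fa-f]+"

# Inline hook: ".text <process[pid]> <dll!api> <addr> <n> Bytes JMP <target> <module> (<desc>)"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<api>\S+)\s+" + HEX
    + r"\s+\d+ Bytes\s+(?:JMP|CALL)\s+" + HEX
    + r"\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)\s*$"
)
# IAT entry: "IAT <process[pid]> @ <importing image> [<dll!api>] [<target>] <module> (<desc>)",
# or only "[<dll!api>] <value>" when GMER cannot map the slot to a loaded module.
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?\[\d+\])\s+@\s+(?P<owner>.+?)\s+\[(?P<api>[^\]]+)\]\s+"
    + r"(?:\[(?P<target>" + HEX + r")\]\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)"
    + r"|(?P<raw>" + HEX + r"))\s*$"
)
SERVICE_RE = re.compile(
    r"^Service\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+)@(?P<value>\S+)\s*(?P<data>.*?)\s*$")
PATTERNS = (("inline", INLINE_RE), ("iat", IAT_RE), ("service", SERVICE_RE), ("reg", REG_RE))


def parse_gmer(text):
    """Turn report lines into dicts; section headers and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("----"):
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                records.append({"kind": kind, **m.groupdict()})
                break
        else:
            records.append({"kind": "unparsed", "line": line})
    return records


def triage(records):
    """Summarise what a reviewer looks at first in a GMER report."""
    hooks_by_module = Counter()   # which DLL owns each user-mode hook
    unresolved_iat = []           # IAT slots GMER could not map to a module
    hidden_services = []          # services found only by GMER's raw scan
    service_registry = defaultdict(dict)
    for r in records:
        kind = r["kind"]
        if kind in ("inline", "iat") and r.get("module"):
            hooks_by_module[r["module"]] += 1
        elif kind == "iat":
            unresolved_iat.append((r["proc"], r["api"], r["raw"]))
        elif kind == "service":
            hidden_services.append(r["name"])
        elif kind == "reg" and "\\Services\\" in r["key"]:
            service_registry[r["key"].rsplit("\\", 1)[-1]][r["value"]] = r["data"]
    # Start=0 is a boot-start driver: it loads before most tools get to look.
    boot_start_hidden = [
        s for s in hidden_services if service_registry.get(s, {}).get("Start") == "0"
    ]
    return {
        "hooks_by_module": dict(hooks_by_module),
        "unresolved_iat": unresolved_iat,
        "hidden_services": hidden_services,
        "service_registry": {k: dict(v) for k, v in service_registry.items()},
        "boot_start_hidden": boot_start_hidden,
        "unparsed": [r["line"] for r in records if r["kind"] == "unparsed"],
    }


if __name__ == "__main__":
    report = triage(parse_gmer(SAMPLE_REPORT))
    for module, n in report["hooks_by_module"].items():
        print(f"{n:3d} hook(s) -> {module}")
    for proc, api, raw in report["unresolved_iat"]:
        print(f"unresolved IAT slot in {proc}: {api} = {raw}")
    for svc in report["boot_start_hidden"]:
        print(f"hidden boot-start service: {svc} {report['service_registry'][svc]}")
```

Run it on a saved GMER report by replacing SAMPLE_REPORT with the file contents; the grouping is what lets you discount the dozens of MsgPlusLive.dll and LVPrcInj01.dll lines at a glance and concentrate on the hidden service and the process whose import table no longer matches its image on disk.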
13. Hello, I have the virus mentioned above on my computer and I can't get rid of it. Malware removes it, but it loads again every time the PC starts. I disabled System Restore. I ran Antivir, Avast, Spybot, Cleaner, etc. ... nothing works, the virus comes back every time. I would like to try ComboFix, but I don't know how. Could someone help me, please? Thanks. Vista service pack 32