Recommended posts

Posted (edited)

So your question answers my question. I'm running a BitDefender scan. :P

Another question: how do you change a thread's title (so I can put [RESOLVED] on it)?

Edited by Danyspeed
Posted

OK, I'm asking for confirmation because the old file is clean, and if it was being detected I'll send it to BitDefender so it gets analysed as a false positive, or at least examined.

With SP3 you have a different file, so it should be fine.

 

To finish, post one last HijackThis log, and I'll prepare the hardening advice (SP3 was part of it; there are other things).

Posted

I'll see about doing a HijackThis log during the day.

Last night I ran a partial scan with BitDefender: the usual 2 s***s came up: 1 rootkit and 1 backdoor.

 

On the "prevention" forum, I was asking whether there is a way to know where a virus came from, not necessarily which server or whatever it came out of, just which of my habits it came from. Apart from being told not to do P2P, go on FB or 18+ sites, and so on...

 

Thanks

Posted

Probably from the patched file, but not svchost.

 

Please test this file on VirusTotal and post the report:

C:\WINDOWS\system32\drivers\ndis.sys

Posted

For VirusTotal, I'll see tonight.

 

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:20:44, on 25/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\USB Storage RW\shwicon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\RaUI.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - .DEFAULT User Startup: Registration-Studio 8 LE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe (User 'Default user')

O4 - .DEFAULT User Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe (User 'Default user')

O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0\aoltray.exe

O4 - Global Startup: SMCWPCI-GM MIMO Wireless Utility.lnk = C:\WINDOWS\RaUI.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ba10c2d7da5845e1bcf037b54a64dc50

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ba10c2d7da5845e1bcf037b54a64dc50

O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Update Service (gupdate1c98c83df21c40a) (gupdate1c98c83df21c40a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8738 bytes
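A first-pass triage of a log like the one above, as an added example written for this page (not a tool anyone in the thread used, and not HijackThis's own logic): it parses the O2/O4/O10/O23 lines and flags orphaned "(no file)" entries, autoruns registered under the SYSTEM or Default User hives, Winsock LSP problems, and service or autorun binaries living outside the usual program directories. The sample lines are copied from the log posted above; the flagging rules and severity labels are this example's own heuristics.

```python
"""First-pass triage of a HijackThis 2.x log: pull the entry types an analyst
reads first (O2 BHOs, O4 autoruns, O10 LSP, O23 services) and flag the patterns
worth a second look. Added example, not a tool from the thread; the sample
lines are copied from the log above, the rules are the author's heuristics."""
import re

SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

# Directories where autorun/service binaries are expected on an XP box; anything
# else (C:\WINDOWS root, user profiles, temp) earns a "review" line.
USUAL_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\", "c:\\windows\\system\\")
RANK = {"fix": 0, "review": 1}

O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# Quoted or unquoted path ending in an executable extension, followed by space/end.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|sys|cpl|com|bat|cmd))"?(?:\s|$)', re.I)


def autorun_target(cmd: str) -> str:
    """Binary an O4 line launches: drop the 'x.lnk = ' prefix of Startup-folder
    entries, then take the (possibly quoted, possibly space-containing) path."""
    if " = " in cmd:
        cmd = cmd.split(" = ", 1)[1]
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd.split(" ", 1)[0]


def outside_usual_dirs(path: str) -> bool:
    p = path.lower().replace("/", "\\")
    return bool(p) and not p.startswith(USUAL_DIRS)


def triage(log_text: str) -> list:
    """Return (severity, log line, reason) tuples, 'fix' items first."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if line.endswith("(no file)"):
            # Orphaned entry: harmless by itself, but HijackThis can remove it.
            findings.append(("fix", line, "entry points at a file that no longer exists"))
            continue
        m = O4_RE.match(line)
        if m:
            if "S-1-5-18" in m.group("where") or ".DEFAULT" in m.group("where"):
                findings.append(("review", line, "autorun under the SYSTEM or Default User hive; runs without an interactive logon"))
            elif outside_usual_dirs(autorun_target(m.group("cmd"))):
                findings.append(("review", line, "autorun binary outside Program Files / system32"))
            continue
        if line.startswith("O10 - "):
            # LSP providers are chained; removing one by hand breaks Winsock, which
            # is exactly what the 'Broken Internet access' line is reporting.
            findings.append(("review", line, "Winsock LSP chain problem; repair with an LSP tool, not by deleting the entry"))
            continue
        m = O23_RE.match(line)
        if m and outside_usual_dirs(m.group("path")):
            findings.append(("review", line, "service binary outside Program Files / system32 (vendor: %s)" % m.group("vendor")))
    findings.sort(key=lambda f: RANK[f[0]])
    return findings


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print("%-6s %s\n       %s" % (sev.upper(), line, why))
```

The rules deliberately score most hits as "review" rather than "fix": a service binary sitting in C:\WINDOWS may well be a legitimate vendor install (the O23 line carries the vendor string so that can be checked), and a Run entry under HKUS\S-1-5-18 is only odd, not proof of anything. The only automatic "fix" is the "(no file)" orphan, which HijackThis can clean without side effects.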

Posted

Good evening,

Here is the report for ndis.sys:

 

Antivirus          Version          Last update   Result
a-squared          4.5.0.24         2009.09.25    -
AhnLab-V3          5.0.0.2          2009.09.25    -
AntiVir            7.9.1.25         2009.09.25    -
Antiy-AVL          2.0.3.7          2009.09.25    -
Authentium         5.1.2.4          2009.09.25    -
Avast              4.8.1351.0       2009.09.24    -
AVG                8.5.0.412        2009.09.25    -
BitDefender        7.2              2009.09.25    -
CAT-QuickHeal      10.00            2009.09.25    -
ClamAV             0.94.1           2009.09.25    -
Comodo             2434             2009.09.25    -
DrWeb              5.0.0.12182      2009.09.25    -
eSafe              7.0.17.0         2009.09.24    -
eTrust-Vet         31.6.6760        2009.09.25    -
F-Prot             4.5.1.85         2009.09.25    -
F-Secure           8.0.14470.0      2009.09.25    -
Fortinet           3.120.0.0        2009.09.25    -
GData              19               2009.09.25    -
Ikarus             T3.1.1.72.0      2009.09.25    -
Jiangmin           11.0.800         2009.09.25    -
K7AntiVirus        7.10.853         2009.09.24    -
Kaspersky          7.0.0.125        2009.09.25    -
McAfee             5752             2009.09.25    -
McAfee+Artemis     5752             2009.09.25    -
McAfee-GW-Edition  6.8.5            2009.09.25    -
Microsoft          1.5005           2009.09.23    -
NOD32              4458             2009.09.25    -
Norman             6.01.09          2009.09.25    -
nProtect           2009.1.8.0       2009.09.25    -
Panda              10.0.2.2         2009.09.24    -
PCTools            4.4.2.0          2009.09.25    -
Prevx              3.0              2009.09.25    -
Rising             21.48.44.00      2009.09.25    -
Sophos             4.45.0           2009.09.25    -
Sunbelt            3.2.1858.2       2009.09.24    -
Symantec           1.4.4.12         2009.09.25    -
TheHacker          6.5.0.2.017      2009.09.24    -
TrendMicro         8.950.0.1094     2009.09.25    -
VBA32              3.12.10.11       2009.09.25    -
ViRobot            2009.9.25.1956   2009.09.25    -
VirusBuster        4.6.5.0          2009.09.25    -

 

Additional information

File size: 182912 bytes

MD5...: 558635d3af1c7546d26067d5d9b6959e

SHA1..: de08d6d587fe19ce3c61a1cf3773158df212dbe8

SHA256: 8c1802908df35e442575969d29f4b22019a2b3e4c309b8e193f98f75ae81f013

ssdeep: 3072:dUPRp0JvUcoAwGydDXFgKHHJldqFV3zljJ1HF7WevjPlzx7Mtk70I9:hyDDX1Hpl4vnZd7YW

PEiD..: -

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x29205
timedatestamp.....: 0x41107ec3 (Wed Aug 04 06:14:27 2004)
machinetype.......: 0x14c (I386)

( 16 sections )
name      viradd   virsiz   rawdsiz  ntrpy  md5
.text     0x480    0x56f5   0x5700   6.39   b6004a8c408b0b21e9a1c536cb85d2fb
.rdata    0x5b80   0x504    0x580    5.22   efaf608cc1de7c48ceeb626a5ec8b2ca
.data     0x6100   0xa78    0xa80    0.86   ea828843870721d869d5e7c2d84b0657
PAGENPNP  0x6b80   0xebea   0xec00   6.45   a8f9836f5ef6c554ffe1fb8e25897b66
PAGENDSP  0x15780  0x362d   0x3680   6.34   75a532ac9d1ba34f90b6974b6c1f8097
PAGENDSM  0x18e00  0x5d38   0x5d80   6.45   f3f298c4e666be42c6a370b6b48aed7c
PAGENDCO  0x1eb80  0x2676   0x2680   6.34   a260fd98d0d457154a8dab4d5b2af428
PAGENDSF  0x21200  0x18dc   0x1900   6.34   5180eb7c032c602620c53f183c3e3278
PAGENDSE  0x22b00  0x12a4   0x1300   6.27   a3aeaa5c6c6eb6d0b08c83df610bcfad
PAGENDST  0x23e00  0xd7d    0xd80    6.49   630fe1c563b0501350a171c74ba16328
PAGENDSA  0x24b80  0x10c6   0x1100   6.35   3b356da77767b8b8c67a65fe1672dd16
.edata    0x25c80  0x2559   0x2580   5.53   7356411e31a166b5148cd2afd5c24cdf
PAGE      0x28200  0xf98    0x1000   5.35   56b98d3d77aa6b57e54eec9dd2bfe9f5
INIT      0x29200  0x1d14   0x1d80   6.02   8e6257471af10b6bbaad7ef277953a56
.rsrc     0x2af80  0x3f0    0x400    3.41   d57196926d32725f42e80548c8dca4b1
.reloc    0x2b380  0x16e8   0x1700   6.77   04e5ecb8b0ac760285385494f627f9da

( 2 imports )
> ntoskrnl.exe: IoWMIWriteEvent, ExNotifyCallback, RtlImageDirectoryEntryToData, KeReleaseMutex, KeInitializeEvent, KeWaitForSingleObject, RtlAppendUnicodeStringToString, RtlCopyUnicodeString, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, IofCompleteRequest, KeInitializeMutex, ZwPowerInformation, ExRegisterCallback, DbgPrint, ExCreateCallback, KeQuerySystemTime, KeInitializeQueue, ExInitializeResourceLite, KeQueryTimeIncrement, KeInitializeSpinLock, IoCreateSymbolicLink, IoCreateDevice, KeNumberProcessors, RtlWriteRegistryValue, ZwClose, ZwOpenKey, IoOpenDeviceRegistryKey, RtlCharToInteger, 
ZwEnumerateKey, RtlUnicodeStringToInteger, RtlEqualUnicodeString, RtlAppendUnicodeToString, IoGetDeviceProperty, IoSetDeviceInterfaceState, _alldiv, IoInvalidateDeviceState, MmUnlockPagableImageSection, MmLockPagableDataSection, MmLockPagableSectionByHandle, MmAllocateContiguousMemory, MmAllocateNonCachedMemory, MmFreeContiguousMemory, MmFreeNonCachedMemory, KeTickCount, InterlockedPushEntrySList, MmBuildMdlForNonPagedPool, IoAllocateMdl, IoBuildPartialMdl, MmMapLockedPages, MmMapIoSpace, MmUnmapIoSpace, ZwReadFile, ZwQueryInformationFile, ZwCreateFile, RtlExtendedIntegerMultiply, ExGetCurrentProcessorCpuUsage, ExGetCurrentProcessorCounts, KeResetEvent, _allmul, MmMapLockedPagesSpecifyCache, InterlockedPopEntrySList, RtlGetCallersAddress, ObfDereferenceObject, RtlFreeUnicodeString, IoUnregisterShutdownNotification, IoGetDriverObjectExtension, KeSetTimerEx, KeSetTimer, KeInitializeTimerEx, KeBugCheckEx, IoWMIRegistrationControl, KeInsertQueue, ExInterlockedAddLargeInteger, ExfInterlockedInsertHeadList, _except_handler3, memmove, KeSetEvent, RtlAnsiStringToUnicodeString, ExfInterlockedAddUlong, ExfInterlockedInsertTailList, ExfInterlockedRemoveHeadList, ExfInterlockedPushEntryList, ExfInterlockedPopEntryList, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeInsertQueueDpc, IoDeleteSymbolicLink, IoRegisterDeviceInterface, KeInitializeDpc, KeSetImportanceDpc, KeInitializeTimer, KeCancelTimer, IoDeleteDevice, ExReleaseResourceLite, ExAcquireResourceExclusiveLite, IoGetDmaAdapter, KeRegisterBugCheckCallback, KeDeregisterBugCheckCallback, IofCallDriver, IoBuildSynchronousFsdRequest, IoCancelIrp, KeGetRecommendedSharedDataAlignment, ExDeleteNPagedLookasideList, IoDetachDevice, IoAttachDeviceToDeviceStack, MmIsDriverVerifying, IoAllocateDriverObjectExtension, IoFreeIrp, IoAllocateIrp, KeSynchronizeExecution, IoConnectInterrupt, KeSetTargetProcessorDpc, IoDisconnectInterrupt, ZwLoadDriver, PoRequestPowerIrp, 
PoStartNextPowerIrp, PoCallDriver, PoSetPowerState, SeSinglePrivilegeCheck, RtlInitAnsiString, MmAddVerifierThunks, MmIsVerifierEnabled, ExAllocatePoolWithTagPriority, ExInitializeNPagedLookasideList, RtlGetAce, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, RtlInitializeSid, RtlLengthRequiredSid, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, ObSetSecurityObjectByPointer, RtlSetDaclSecurityDescriptor, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, ObGetObjectSecurity, SeExports, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlCreateSecurityDescriptor, SeUnlockSubjectContext, SeFreePrivileges, SeAppendPrivileges, SeAccessCheck, SeLockSubjectContext, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlQueryRegistryValues, RtlInitUnicodeString, RtlUpcaseUnicodeString, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, PsGetCurrentThread, ObfReferenceObject, KeRemoveQueue, PsCreateSystemThread, NtClose, ExQueueWorkItem, ExAllocatePoolWithTag, IoFreeMdl, ExFreePoolWithTag
> HAL.dll: KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, READ_PORT_ULONG, READ_PORT_USHORT, READ_PORT_UCHAR, WRITE_PORT_ULONG, WRITE_PORT_USHORT, WRITE_PORT_UCHAR, HalTranslateBusAddress, KfAcquireSpinLock, KfReleaseSpinLock, KeRaiseIrqlToDpcLevel

( 276 exports )
ArcFilterDprIndicateReceive, ArcFilterDprIndicateReceiveComplete, EthFilterDprIndicateReceive, EthFilterDprIndicateReceiveComplete, FddiFilterDprIndicateReceive, FddiFilterDprIndicateReceiveComplete, NDIS_BUFFER_TO_SPAN_PAGES, NdisAcquireReadWriteLock, NdisAcquireSpinLock, NdisAdjustBufferLength, NdisAllocateBuffer, NdisAllocateBufferPool, NdisAllocateFromBlockPool, NdisAllocateMemory, NdisAllocateMemoryWithTag, NdisAllocatePacket, NdisAllocatePacketPool, NdisAllocatePacketPoolEx, NdisAllocateSpinLock, NdisAnsiStringToUnicodeString, NdisBufferLength, 
NdisBufferVirtualAddress, NdisCancelSendPackets, NdisCancelTimer, NdisClAddParty, NdisClCloseAddressFamily, NdisClCloseCall, NdisClDeregisterSap, NdisClDropParty, NdisClGetProtocolVcContextFromTapiCallId, NdisClIncomingCallComplete, NdisClMakeCall, NdisClModifyCallQoS, NdisClOpenAddressFamily, NdisClRegisterSap, NdisCloseAdapter, NdisCloseConfiguration, NdisCloseFile, NdisCmActivateVc, NdisCmAddPartyComplete, NdisCmCloseAddressFamilyComplete, NdisCmCloseCallComplete, NdisCmDeactivateVc, NdisCmDeregisterSapComplete, NdisCmDispatchCallConnected, NdisCmDispatchIncomingCall, NdisCmDispatchIncomingCallQoSChange, NdisCmDispatchIncomingCloseCall, NdisCmDispatchIncomingDropParty, NdisCmDropPartyComplete, NdisCmMakeCallComplete, NdisCmModifyCallQoSComplete, NdisCmOpenAddressFamilyComplete, NdisCmRegisterAddressFamily, NdisCmRegisterSapComplete, NdisCoAssignInstanceName, NdisCoCreateVc, NdisCoDeleteVc, NdisCoGetTapiCallId, NdisCoRequest, NdisCoRequestComplete, NdisCoSendPackets, NdisCompareAnsiString, NdisCompareUnicodeString, NdisCompleteBindAdapter, NdisCompleteDmaTransfer, NdisCompletePnPEvent, NdisCompleteUnbindAdapter, NdisConvertStringToAtmAddress, NdisCopyBuffer, NdisCopyFromPacketToPacket, NdisCopyFromPacketToPacketSafe, NdisCreateBlockPool, NdisDeregisterProtocol, NdisDeregisterTdiCallBack, NdisDestroyBlockPool, NdisDprAcquireSpinLock, NdisDprAllocatePacket, NdisDprAllocatePacketNonInterlocked, NdisDprFreePacket, NdisDprFreePacketNonInterlocked, NdisDprReleaseSpinLock, NdisEqualString, NdisFreeBuffer, NdisFreeBufferPool, NdisFreeMemory, NdisFreePacket, NdisFreePacketPool, NdisFreeSpinLock, NdisFreeToBlockPool, NdisGeneratePartialCancelId, NdisGetBufferPhysicalArraySize, NdisGetCurrentProcessorCounts, NdisGetCurrentProcessorCpuUsage, NdisGetCurrentSystemTime, NdisGetDriverHandle, NdisGetFirstBufferFromPacket, NdisGetFirstBufferFromPacketSafe, NdisGetPacketCancelId, NdisGetPoolFromPacket, NdisGetReceivedPacket, NdisGetRoutineAddress, NdisGetSharedDataAlignment, 
NdisGetSystemUpTime, NdisGetVersion, NdisIMAssociateMiniport, NdisIMCancelInitializeDeviceInstance, NdisIMCopySendCompletePerPacketInfo, NdisIMCopySendPerPacketInfo, NdisIMDeInitializeDeviceInstance, NdisIMDeregisterLayeredMiniport, NdisIMGetBindingContext, NdisIMGetCurrentPacketStack, NdisIMGetDeviceContext, NdisIMInitializeDeviceInstance, NdisIMInitializeDeviceInstanceEx, NdisIMNotifyPnPEvent, NdisIMQueueMiniportCallback, NdisIMRegisterLayeredMiniport, NdisIMRevertBack, NdisIMSwitchToMiniport, NdisImmediateReadPciSlotInformation, NdisImmediateReadPortUchar, NdisImmediateReadPortUlong, NdisImmediateReadPortUshort, NdisImmediateReadSharedMemory, NdisImmediateWritePciSlotInformation, NdisImmediateWritePortUchar, NdisImmediateWritePortUlong, NdisImmediateWritePortUshort, NdisImmediateWriteSharedMemory, NdisInitAnsiString, NdisInitUnicodeString, NdisInitializeEvent, NdisInitializeReadWriteLock, NdisInitializeString, NdisInitializeTimer, NdisInitializeWrapper, NdisInterlockedAddLargeInterger, NdisInterlockedAddUlong, NdisInterlockedDecrement, NdisInterlockedIncrement, NdisInterlockedInsertHeadList, NdisInterlockedInsertTailList, NdisInterlockedPopEntryList, NdisInterlockedPushEntryList, NdisInterlockedRemoveHeadList, NdisMAllocateMapRegisters, NdisMAllocateSharedMemory, NdisMAllocateSharedMemoryAsync, NdisMCancelTimer, NdisMCloseLog, NdisMCmActivateVc, NdisMCmCreateVc, NdisMCmDeactivateVc, NdisMCmDeleteVc, NdisMCmRegisterAddressFamily, NdisMCmRequest, NdisMCoActivateVcComplete, NdisMCoDeactivateVcComplete, NdisMCoIndicateReceivePacket, NdisMCoIndicateStatus, NdisMCoReceiveComplete, NdisMCoRequestComplete, NdisMCoSendComplete, NdisMCompleteBufferPhysicalMapping, NdisMCreateLog, NdisMDeregisterAdapterShutdownHandler, NdisMDeregisterDevice, NdisMDeregisterDmaChannel, NdisMDeregisterInterrupt, NdisMDeregisterIoPortRange, NdisMFlushLog, NdisMFreeMapRegisters, NdisMFreeSharedMemory, NdisMGetDeviceProperty, NdisMGetDmaAlignment, NdisMIndicateStatus, 
NdisMIndicateStatusComplete, NdisMInitializeScatterGatherDma, NdisMInitializeTimer, NdisMMapIoSpace, NdisMPciAssignResources, NdisMPromoteMiniport, NdisMQueryAdapterInstanceName, NdisMQueryAdapterResources, NdisMQueryInformationComplete, NdisMReadDmaCounter, NdisMRegisterAdapterShutdownHandler, NdisMRegisterDevice, NdisMRegisterDmaChannel, NdisMRegisterInterrupt, NdisMRegisterIoPortRange, NdisMRegisterMiniport, NdisMRegisterUnloadHandler, NdisMRemoveMiniport, NdisMResetComplete, NdisMSendComplete, NdisMSendResourcesAvailable, NdisMSetAttributes, NdisMSetAttributesEx, NdisMSetInformationComplete, NdisMSetMiniportSecondary, NdisMSetPeriodicTimer, NdisMSetTimer, NdisMSleep, NdisMStartBufferPhysicalMapping, NdisMSynchronizeWithInterrupt, NdisMTransferDataComplete, NdisMUnmapIoSpace, NdisMWanIndicateReceive, NdisMWanIndicateReceiveComplete, NdisMWanSendComplete, NdisMWriteLogData, NdisMapFile, NdisMatchPdoWithPacket, NdisOpenAdapter, NdisOpenConfiguration, NdisOpenConfigurationKeyByIndex, NdisOpenConfigurationKeyByName, NdisOpenFile, NdisOpenProtocolConfiguration, NdisOverrideBusNumber, NdisPacketPoolUsage, NdisPacketSize, NdisQueryAdapterInstanceName, NdisQueryBindInstanceName, NdisQueryBuffer, NdisQueryBufferOffset, NdisQueryBufferSafe, NdisQueryMapRegisterCount, NdisQueryPendingIOCount, NdisReEnumerateProtocolBindings, NdisReadConfiguration, NdisReadEisaSlotInformation, NdisReadEisaSlotInformationEx, NdisReadMcaPosInformation, NdisReadNetworkAddress, NdisReadPciSlotInformation, NdisReadPcmciaAttributeMemory, NdisRegisterProtocol, NdisRegisterTdiCallBack, NdisReleaseReadWriteLock, NdisReleaseSpinLock, NdisRequest, NdisReset, NdisResetEvent, NdisReturnPackets, NdisScheduleWorkItem, NdisSend, NdisSendPackets, NdisSetEvent, NdisSetPacketCancelId, NdisSetPacketPoolProtocolId, NdisSetPacketStatus, NdisSetProtocolFilter, NdisSetTimer, NdisSetTimerEx, NdisSetupDmaTransfer, NdisSystemProcessorCount, NdisTerminateWrapper, NdisTransferData, NdisUnchainBufferAtBack, 
NdisUnchainBufferAtFront, NdisUnicodeStringToAnsiString, NdisUnmapFile, NdisUpcaseUnicodeString, NdisUpdateSharedMemory, NdisWaitEvent, NdisWriteConfiguration, NdisWriteErrorLogEntry, NdisWriteEventLogEntry, NdisWritePciSlotInformation, NdisWritePcmciaAttributeMemory, TrFilterDprIndicateReceive, TrFilterDprIndicateReceiveComplete

RDS...: NSRL Reference Data Set: -

pdfid.: -

trid..: Win32 Executable Generic (68.0%)
        Generic Win/DOS Executable (15.9%)
        DOS Executable Generic (15.9%)
        Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: NDIS 5.1 wrapper driver
original name: NDIS.SYS
internal name: NDIS.SYS
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=558635d3af1c7546d26067d5d9b6959e

 

 

I'm running MBAM and BitDefender scans.
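The PEInfo block in the VirusTotal report above lists every section of the submitted ndis.sys with its virtual address, sizes, entropy and MD5. That is what makes a section-by-section comparison against a clean copy of the same file version possible, which is more telling for a suspected in-place patch than the 41 engine verdicts alone. The following is an added example for this page, not code from the thread or from VirusTotal: a small PE32 parser that reproduces those per-section fields, and a comparison that reports the changes a patched driver typically shows (moved entry point, modified code section, appended section). The two images it compares are constructed in the code; a real run would read the suspect driver and a known-good copy of the same version from disk.

```python
"""Per-section MD5 and entropy of a PE32 driver, the same fields VirusTotal
prints under PEInfo, plus a section-by-section comparison against a known-good
copy. Added example for this thread, not a tool anyone in it used; the two
images below are constructed in code so the script runs offline."""
import hashlib
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in Counter(data).values()))


def pe_sections(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header ->
    section table, hashing each section's raw file data on the way."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    entry = struct.unpack_from("<I", image, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i                          # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
            "ntrpy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {"machine": machine, "timedatestamp": stamp, "entry": entry, "sections": sections}


def diff_against_reference(suspect: dict, reference: dict) -> list:
    """What an in-place patch of a system driver usually leaves behind: the entry
    point redirected, a code section whose bytes no longer hash like the clean
    copy, or a section appended that the clean copy never had."""
    findings = []
    if suspect["entry"] != reference["entry"]:
        findings.append("entry point moved: 0x%x -> 0x%x" % (reference["entry"], suspect["entry"]))
    ref = {s["name"]: s for s in reference["sections"]}
    for s in suspect["sections"]:
        r = ref.get(s["name"])
        if r is None:
            findings.append("extra section %s (%d bytes, entropy %.2f)" % (s["name"], s["rawdsiz"], s["ntrpy"]))
        elif r["md5"] != s["md5"]:
            findings.append("section %s modified: md5 %s, clean copy %s" % (s["name"], s["md5"], r["md5"]))
    return findings


def build_pe32(sections, entry):
    """Assemble a minimal PE32 image from (name, bytes) pairs. Constructed test
    data only; a real ndis.sys has 16 sections and real code behind them."""
    hdr_size, body, table, ptr, vaddr = 0x400, b"", b"", 0x400, 0x1000
    for name, data in sections:
        rawsize = (len(data) + 0x1FF) & ~0x1FF                   # 512-byte file alignment
        table += struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, rawsize, ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(rawsize, b"\0")
        ptr += rawsize
        vaddr += (rawsize + 0xFFF) & ~0xFFF                        # 4 KiB section alignment
    opt = (struct.pack("<H", 0x10B).ljust(16, b"\0") + struct.pack("<I", entry)).ljust(96, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x41107EC3, 0, 0, len(opt), 0x102)
    dos = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    return (dos + b"PE\0\0" + coff + opt + table).ljust(hdr_size, b"\0") + body


def build_samples():
    """A 'clean' image and a 'patched' one: five bytes of .text overwritten with
    a jump-sized stub, a high-entropy section appended, entry point pointed at it."""
    code = bytes(range(256)) * 8
    data = b"\0" * 64
    clean = build_pe32([(b".text", code), (b".data", data)], entry=0x1000)
    hooked = code[:16] + b"\xe9\x00\x00\x00\x00" + code[21:]
    payload = hashlib.sha256(b"constructed sample payload").digest() * 4
    patched = build_pe32([(b".text", hooked), (b".data", data), (b".hook", payload)], entry=0x3000)
    return clean, patched


def demo() -> list:
    clean, patched = build_samples()
    return diff_against_reference(pe_sections(patched), pe_sections(clean))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

One caveat on the sigcheck block above: XP system drivers such as ndis.sys carry no embedded Authenticode signature and are signed through the catalog files under %SystemRoot%\system32\CatRoot, so an offline sigcheck reporting "verified: Unsigned" is expected for a clean copy too and proves nothing by itself. A per-section hash comparison against a known-good file of the same version (here 5.1.2600.2180) is what separates a patched driver from an intact one.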

Posted

Here is the GMER log:

GMER 1.0.15.15087 - http://www.gmer.net

Rootkit scan 2009-09-26 15:25:53

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\pgtdypog.sys

 

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???f?n??LegacyDriver?????????????i???????&?`?f?e?f?h?f???????????&???&???u?u?u??? ???????f???????????_?n????????N???????12??{8ECC055D-047F-11D1-A537-0000F8753ED1}?v05??? ?????????????f?????f?n?????????????????????1??? ???????f???????????b?n????????N????????!???????????!?????s?"?????????#???(?d?d???????????%???)?e?f????LocalSystem??????????????2???????k???f???*?`?l?`?l?l?e???????????5??????????? ??????????????p?????N??h??????????\???e488bc64?"???????????5???????i??? l??h???%?????:?????a?c?g?c?g?g?w??{8ECC055D-047F-11D1-A537-0000F8753ED1}????????4??i???????????i???????F????????????????2??h????????h??????????????h???h???????????9???????f???f???????????????????????f???????????5????????????????????????????????????????N??h???a????D)????? ???h???%??????s???LegacyDriver??????N??g??? ????Dsat??? ???f???t????????????N??f???N????DTEM??{8ECC055D-047F-11D1-A537-0000F8753ED1}?WIN??? ???f???t?????y_s??? ???????d?????$?????g?n??"???&??????????????o??? B??f???B?????543???????????0?????ssM?????f#?????.??f???5?????????n43??Nok

 

---- Files - GMER 1.0.15 ----

 

File C:\Documents and Settings\All Users\Documents\(Aurélie 090909)\Mariage\Cheval\Résultats de la recherche d’image Google à partir de http--www_bellapix_com-user-global-ACCOUNTS-USER41347eeea6502-images-4293648f5e0f2_jpg_fichiers\index_fichiers\hautd2_fichiers\show_ads.js 15783 bytes

 

---- EOF - GMER 1.0.15 ----

 

 

What does all that mean?
