
Posted

Things are going to get better; let's continue.

Download GMER Rootkit Scanner from the following link:

http://www.gmer.net/#files

- Click the "Download EXE" button

- Save it to your Desktop.

- Paste and save these instructions in a text file, or print them, because you will have to close the browser.

- Close any open browser windows.

- Run the downloaded file (its name consists of 8 random digits/letters) by double-clicking it;

- If the tool gives you a rootkit activity warning and asks you to run a scan, click "NO"

- In the right-hand section of the tool's window, uncheck the following options:

  • Sections
  • **Make sure "Show All" is unchecked**

- Now click the "Scan" button and wait (this can take 10 minutes or more)

- When the scan is finished, click the "Save..." button (bottom right);

- Name the file "Ark.txt" and save it to the Desktop;

- Copy/paste the contents of this report into your reply.

Posted

Hello,

Hoping I haven't missed anything:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-02-16 18:10:09

Windows 5.1.2600 Service Pack 3

Running: ub2le2qy.exe; Driver: C:\DOCUME~1\Michel\LOCALS~1\Temp\fwncrpod.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 865548A0 ZwAssignProcessToJobObject

SSDT spfy.sys ZwCreateKey [0xF73900E0]

SSDT spfy.sys ZwEnumerateKey [0xF73AECA2]

SSDT spfy.sys ZwEnumerateValueKey [0xF73AF030]

SSDT spfy.sys ZwOpenKey [0xF73900C0]

SSDT 86553CB0 ZwOpenProcess

SSDT 865540D0 ZwOpenThread

SSDT spfy.sys ZwQueryKey [0xF73AF108]

SSDT spfy.sys ZwQueryValueKey [0xF73AEF88]

SSDT spfy.sys ZwSetValueKey [0xF73AF19A]

SSDT 865546D0 ZwSuspendProcess

SSDT 865544F0 ZwSuspendThread

SSDT 86553EE0 ZwTerminateProcess

SSDT 86554310 ZwTerminateThread

 

INT 0x62 ? 86F67BF8

INT 0x63 ? 86F67BF8

INT 0x63 ? 86F67BF8

INT 0x63 ? 86B41F00

INT 0x74 ? 86B41F00

INT 0x82 ? 86F67BF8

INT 0x84 ? 86B41F00

 

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7391040] spfy.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F739113C] spfy.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73910BE] spfy.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73917FC] spfy.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73916D2] spfy.sys

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KeGetCurrentIrql] CB033043

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KfRaiseIrql] 0673C13B

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KfLowerIrql] C13B0003

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!HalGetInterruptVector] 8366FA72

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!READ_PORT_USHORT] 83660000

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200

IAT \SystemRoot\System32\Drivers\ayorc6tf.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73A1048] spfy.sys

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ExitThread] [63029083] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305C5B6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63029021] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ExitThread] [63029083] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcA] [03DA1850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcW] [03DA1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetWindowLongA] [03DA15B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetWindowLongW] [03DA15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetSysColor] [6305C532] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TrackPopupMenu] [6302910F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TrackPopupMenuEx] [63029137] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SetWindowLongA] [03DA1530] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SetWindowLongW] [03DA1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExA] [63029296] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExW] [630292D3] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DeferWindowPos] [03DA14A0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CallWindowProcW] [63058149] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CallWindowProcA] [630571AF] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] [63029083] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [GDI32.dll!DeleteObject] [6305C5B6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [63029021] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TrackPopupMenuEx] [63029137] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!CreateWindowExW] [630292D3] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!DefWindowProcA] [03DA1850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!SetWindowLongW] [03DA1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetWindowLongW] [03DA15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!DeferWindowPos] [03DA14A0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetSysColor] [6305C532] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!DefWindowProcW] [03DA1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetSysColorBrush] [6305C5E9] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!FillRect] [63028DEF] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!DrawFrameControl] [6301DF7F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TrackPopupMenu] [6302910F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!CallWindowProcW] [63058149] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!SetScrollInfo] [03DA1750] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetWindowLongA] [03DA15B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [6305C5B6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6302915C] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [63029021] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetSysColor] [6305C532] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CallWindowProcW] [63058149] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExA] [63029296] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DefWindowProcW] [03DA1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExW] [630292D3] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetWindowLongW] [03DA15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!SetWindowLongW] [03DA1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 86F661F8

 

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

 

Device \Driver\NetBT \Device\NetBT_Tcpip_{165C0591-6FD4-4111-BF17-C9020B6885C1} 86A7F500

Device \Driver\usbuhci \Device\USBPDO-0 86B53500

Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD91F8

Device \Driver\dmio \Device\DmControl\DmConfig 86FD91F8

Device \Driver\dmio \Device\DmControl\DmPnP 86FD91F8

Device \Driver\dmio \Device\DmControl\DmInfo 86FD91F8

Device \Driver\usbuhci \Device\USBPDO-1 86B53500

Device \Driver\usbuhci \Device\USBPDO-2 86B53500

Device \Driver\usbuhci \Device\USBPDO-3 86B53500

 

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

 

Device \Driver\Ftdisk \Device\HarddiskVolume1 86F681F8

Device \Driver\Cdrom \Device\CdRom0 86B54500

Device \Driver\NetBT \Device\NetBT_Tcpip_{E6A3A1B3-8463-4240-A41B-E37446C03EEE} 86A7F500

Device \Driver\Cdrom \Device\CdRom1 86B54500

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort0 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort3 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\NetBT \Device\NetBt_Wins_Export 86A7F500

Device \Driver\usbstor \Device\00000083 86ABF500

Device \Driver\usbstor \Device\00000084 86ABF500

Device \Driver\NetBT \Device\NetbiosSmb 86A7F500

Device \Driver\usbstor \Device\00000085 86ABF500

Device \Driver\usbstor \Device\00000086 86ABF500

Device \Driver\usbstor \Device\00000087 86ABF500

Device \Driver\PCI_PNP5740 \Device\0000004f spfy.sys

Device \Driver\sptd \Device\4097846990 spfy.sys

Device \Driver\usbuhci \Device\USBFDO-0 86B53500

Device \Driver\usbuhci \Device\USBFDO-1 86B53500

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86ACF500

Device \Driver\usbuhci \Device\USBFDO-2 86B53500

Device \FileSystem\MRxSmb \Device\LanmanRedirector 86ACF500

Device \Driver\usbuhci \Device\USBFDO-3 86B53500

Device \Driver\Ftdisk \Device\FtControl 86F681F8

Device \Driver\ayorc6tf \Device\Scsi\ayorc6tf1 86B0F500

Device \Driver\ayorc6tf \Device\Scsi\ayorc6tf1Port4Path0Target0Lun0 86B0F500

Device \FileSystem\Cdfs \Cdfs 86B67500

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:464] 86552930

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFF 0x2A 0x88 0x4E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x37 0x59 0xC3 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xD1 0x19 0x2D ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFF 0x2A 0x88 0x4E ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x37 0x59 0xC3 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xD1 0x19 0x2D ...

 

---- EOF - GMER 1.0.15 ----

Posted

Download load_tdsskiller by Loup Blanc to your Desktop by clicking this link:

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

This tool is designed to automate various tasks offered by TDSSKiller, a fix tool from Kaspersky.

  • Run load_tdsskiller by double-clicking it: the tool will connect to the Internet to download an up-to-date copy of TDSSKiller, then start the scan
  • At the end of the scan, press a key to continue, as indicated by the message in the black command prompt window
  • The report will be displayed automatically: copy and paste its contents into your next reply (the file is also available here: C:\tdsskiller\report.txt)
  • Restart your PC

Posted

HELLO,

The Notepad page is empty! ...I can't copy/paste anything... is that normal or not?

Thanks

Posted
Do you have a report in C:\tdsskiller\report.txt?

HELLO,

Yes:

 

END USER LICENSE AGREEMENT

 

Kaspersky Lab ZAO (the “Rightholder”) is an owner of all rights, whether exclusive or otherwise to the Software.

 

By using the Software You consent to be bound by the terms and conditions of this agreement.

 

The Rightholder hereby grants You a non-exclusive perpetual license to store, load, install, execute, and display (to “use”) the free of charge Software that will substantially perform according to the specifications and descriptions set forth on http://support.kaspersky.com/viruses. The Software should be used as an auxiliary tool for removing threats from Your computer as described on http://support.kaspersky.com/viruses. The Rightholder doesn’t guarantee complete removal of threats and fixing issues caused by these threats.

 

No technical support for the Software is available.

 

You shall not emulate, modify, decompile, or reverse engineer the Software or disassemble or create derivative works based on the Software or any portion thereof with the sole exception of a non-waivable right granted to You by applicable legislation.

 

THE SOFTWARE IS PROVIDED "AS IS" AND THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY AS TO ITS USE OR PERFORMANCE. EXCEPT FOR ANY WARRANTY, CONDITION, REPRESENTATION OR TERM THE EXTENT TO WHICH CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW THE RIGHTHOLDER AND ITS PARTNERS MAKE NO WARRANTY, CONDITION, REPRESENTATION, OR TERM (EXPRESS OR IMPLIED, WHETHER BY STATUTE, COMMON LAW, CUSTOM, USAGE OR OTHERWISE) AS TO ANY MATTER INCLUDING, WITHOUT LIMITATION, NONINFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, SATISFACTORY QUALITY, INTEGRATION, OR APPLICABILITY FOR A PARTICULAR PURPOSE. YOU ASSUME ALL FAULTS, AND THE ENTIRE RISK AS TO PERFORMANCE AND RESPONSIBILITY FOR SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE. WITHOUT LIMITING THE FOREGOING PROVISIONS, THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET ANY OR ALL YOUR REQUIREMENTS WHETHER OR NOT DICLOSED TO THE RIGHTHOLDER.

 

© 1997-2009 Kaspersky Lab ZAO. All Rights Reserved.

Posted
Manually download TDSS killer, extract the rar and run the utility by hand (say yes to the disinfection):

http://www.esagelab.com/files/tdss_remover_latest.rar

 

At that point you should have a report.

 

 

HELLO,

 

I'm back, sorry for the slow replies...

so here it is:

 

TDSS remover

version 1.6.3.4

 

Copyright 2009 eSage Lab

http://www.esagelab.com

support@esagelab.com

 

 

*** USAGE

 

- close all running programs and save all unsaved data;

- un-rar and run the tool (Administrator privileges required);

- reboot if necessary;

- let the tool scan the system for hidden objects;

- tick malicious objects you want to remove (hint: if you are not sure which

objects are malicious, use the context menu option 'Scan at VirusTotal.com');

- click the 'Delete selected' button;

- allow immediate reboot.

 

*** IMPORTANT: KNOWN FALSE POSITIVES

 

Some legitimate applications prevent normal reading of their drivers. Such a

behaviour may also be a sign of a rootkit. Thus, TDSS remover detects

blocked files with the verdict 'No Access', though they may be legitimate

files.

 

Currently we are aware of the following false positives:

- Daemon Tools and Alcohol 120%: sptd.sys.

- Kaspersky Antivirus: fidbox*.*.

- Avast! antivirus: aswBoot.exe, AvastSS.scr, aswFsBlk.sys, aswMonFlt.sys,

aswRdr.sys, aswTdi.sys, aswSP.sys.

- Symantec Antivirus: S32EVNT1.DLL, SymNeti.dll, SymRedir.dll, co_mon.cat,

CO_Mon.inf, CO_Mon.sys, srtsp.cat, srtsp.inf, srtsp.sys, srtspl.cat,

srtspl.inf, srtspl.sys, srtspx.cat, srtspx.inf, srtspx.sys, symdns.sys,

SYMEVENT.CAT, SYMEVENT.INF, SYMEVENT.SYS, symfw.sys. symids.sys. SymIM.sys.

symndis.sys. symndisv.sys, SymRedir.cat. SymRedir.inf, symredrv.sys. symtdi.sys.

- Dr.Web antivirus: dwprot.sys.

- Outpost: sandbox.sys, afw.sys.

 

In most cases, if you get one of the listed FPs ('No Access' verdict only!)

AND if you have the appropriate software installed, it's safe to leave

the listed files. However, checking all ambiguous files at

www.virustotal.com is recommended, since a rootkit can mask under a legitimate

software. Thus,

 

!!! Use the 'Scan at VirusTotal.com' context menu option on ambiguous files. !!!

 

*** TROUBLESHOOTING

 

First, check comments to the following blog entry for a possible solution

of your problem:

http://blog.alisa.sh/2009/06/09/tdss-rootk...eaner/#comments.

 

If the solution isn't there, contact us at support@esagelab.com.

Please, DO ATTACH YOUR LOG FILE! (rk_remover_debug_log.txt).

 

*** VERSION HISTORY

 

12.12.2009: version 1.6.3

- Added context menu option "Scan at VirusTotal.com"

- Fixed some bugs

 

06.12.2009: version 1.6.2

- Improved the TDL3 disinfection

- Added the capability to resize program window

- Optimized scanning time

 

25.11.2009: version 1.6

- Added disinfection of the TDL3 rootkit

- Added the option to save malicious objects to a custom folder

- Added optional sending of statistics and infected files to our server.

 

30.07.2009: version 1.4

- Added Windows 7 support

- Improved hidden files scanning

- Fixed drives scanning error

- Fixed some minor bugs.

 

08.06.2009: version 1.3.5.0

- Initial release.

Posted
That's the readme file, the manual in other words, it's not a report. :P

 

 

 

Ah!

in that case, I have files open in the extraction tool and I click on remover, and what comes up doesn't ask me anything
