Help: keylogger on my PC

Closed
bib - 13 May 2009 at 23:21
Anonymous user - 22 May 2009 at 01:18
Hello,

I've come to ask for help. My ex tampered with my PC and I discovered he had put keyloggers on it. I removed some manually, but I'm not sure I've fixed everything, quite the opposite. After reading a few posts on this forum, I downloaded HijackThis and here is its log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:05, on 13/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\HiYo\bin\HiYo.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rkfree] "D:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hiyo] D:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [BboxUpdate] D:\Program Files\BboxUpdate\BTLiveUpdate.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BPK] D:\Program Files\Perfect Keylogger Lite\bpk.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
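As an added example (not code from the thread or from any of the tools it uses), here is a small Python triage script that parses the O4 autorun lines of a HijackThis log like the one above and the Windows XP firewall "authorized applications" export that SDFix prints later in this thread, and flags the three executable names this thread ties to keyloggers (bpk.exe, rkfree.exe, ASMonitor.exe). The watchlist, the sample lines, the `INTERPRETERS` review rule and the `Finding` type are constructed for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Executable names this thread ties to the keyloggers found on the machine
# (bpk.exe = Perfect Keylogger, rkfree.exe = RKFree, ASMonitor.exe = Actual Spy /
# ACSP Monitor). Constructed watchlist for this example, not a vendor feed.
WATCHLIST = {
    "bpk.exe": "Perfect Keylogger (BPK)",
    "rkfree.exe": "RKFree keylogger",
    "asmonitor.exe": "Actual Spy / ACSP Monitor",
}
# Interpreters started at logon are worth a manual look even when not on the list.
INTERPRETERS = {"cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe"}

# Constructed sample input, reproducing the shape of lines from the thread's logs.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [rkfree] "D:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BPK] D:\Program Files\Perfect Keylogger Lite\bpk.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""
FW_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\ACSPMonitor\\ASMonitor.exe"="D:\\Program Files\\ACSPMonitor\\ASMonitor.exe:*:Enabled:System"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"""


@dataclass
class Finding:
    source: str   # "hjt-O4" or "firewall"
    entry: str    # autorun value name, .lnk name, or firewall rule name
    exe: str      # executable basename, lower-cased
    reason: str


# HijackThis O4 lines: "O4 - HKLM\..\Run: [name] command" or "O4 - Startup: x.lnk = target"
_O4_REG = re.compile(r"^O4 - (?P<loc>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
_USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
# First token ending in an executable extension, quoted or not, with or without spaces.
_EXE = re.compile(r'(?P<path>.*?\.(?:exe|cmd|bat|com|scr|pif))(?=["\s,]|$)', re.I)
# XP firewall export lines: "path"="path:scope:Enabled:rule name"
_FW = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]*)"$')


def executable_of(command: str) -> str:
    """Lower-cased basename of the program a Run/RunOnce/Startup command launches."""
    command = _USER_SUFFIX.sub("", command.strip()).lstrip('"')
    m = _EXE.match(command)
    if not m:
        return ""
    return m.group("path").rsplit("\\", 1)[-1].lower()


def scan_hjt(log_text: str) -> list[Finding]:
    """Flag O4 autorun entries of a HijackThis log that match the watchlist."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = _O4_REG.match(line) or _O4_LNK.match(line)
        if not m:
            continue
        exe = executable_of(m.group("cmd"))
        if exe in WATCHLIST:
            findings.append(Finding("hjt-O4", m.group("name"), exe, WATCHLIST[exe]))
        elif exe in INTERPRETERS:
            findings.append(Finding("hjt-O4", m.group("name"), exe,
                                    "interpreter launched at logon; review its arguments"))
    return findings


def scan_firewall_export(export_text: str) -> list[Finding]:
    """Flag firewall exceptions that let a watchlisted binary talk to the network."""
    findings: list[Finding] = []
    for line in export_text.splitlines():
        m = _FW.match(line.strip())
        if not m:
            continue
        exe = m.group("path").replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
        fields = m.group("value").rsplit(":", 3)   # path, scope, state, rule name
        if len(fields) != 4 or exe not in WATCHLIST:
            continue
        _, scope, state, rule = fields
        if state.lower() == "enabled":
            findings.append(Finding("firewall", rule, exe,
                                    f"{WATCHLIST[exe]} allowed out (scope {scope})"))
    return findings


if __name__ == "__main__":
    for f in scan_hjt(HJT_SAMPLE) + scan_firewall_export(FW_SAMPLE):
        print(f"[{f.source}] {f.entry}: {f.exe} -> {f.reason}")
```

The firewall check matters because a keylogger with an "Enabled" exception has a ready exfiltration path; the RunOnce `cmd.exe` hit is only a review item, not a verdict.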
83 replies

Anonymous user
20 May 2009 at 18:34
hi, not at all, I had to be away this weekend so I had a few difficulties lol

for SDFix, it was in safe mode
0
Hi, ok no worries ;) but did you see the SDFix log I posted at the end of page 3?
0
Anonymous user
21 May 2009 at 20:55
yes, three quarters of it are missing :)
0
Ok, so here's the SDFix report:


[b]SDFix: Version 1.240 [/b]
Run by Administrateur on 15/05/2009 at 14:51

Microsoft Windows XP [version 5.1.2600]
Running From: D:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 22:17:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DOT4PRT\Vid_03f0&Pid_4e11&MI[02&DOT4&PRINT_HPZ\9&9c9ade9&0&1]
"DeviceDesc"="Photosmart 2570 (DOT4PRINT)"
"Capabilities"=dword:000000c0
"ConfigFlags"=dword:00000000
"HardwareID"=str(7):"DOT4PRT\Vid_03f0&Pid_4e11&MI_02&DOT4&PRINT_HPZ\0Vid_03f0&Pid_4e11&MI_02&DOT4&PRINT_HPZ\0"
"ClassGUID"="{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}"
"Class"="Dot4Print"
"Driver"="{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}\0001"
"Mfg"="Hewlett-Packard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DOT4PRT\Vid_03f0&Pid_4e11&MI[02&DOT4&PRINT_HPZ\9&9c9ade9&0&1\Device Parameters]
"PortName"="DOT4_001"
"SoftwareCUEContextID"="#Hewlett-Packard#HP Photosmart 2570 series#1242126571"
"DDDevNodeColor"=dword:00000007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\DOT4PRT\Vid_03f0&Pid_4e11&MI[02&DOT4&PRINT_HPZ\9&9c9ade9&0&1\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:85,ab,9a,f2,69,af,3f,2f,b3,34,b4,1f,68,8b,d9,35,de,45,c5,11,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:85,ab,9a,f2,69,af,3f,2f,b3,34,b4,1f,68,8b,d9,35,de,45,c5,11,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:85,ab,9a,f2,69,af,3f,2f,b3,34,b4,1f,68,8b,d9,35,de,45,c5,11,79,..

scanning hidden registry entries ...

scanning hidden files ...

D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\ma-config.com\\maconfservice.exe"="D:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\ACSPMonitor\\ASMonitor.exe"="D:\\Program Files\\ACSPMonitor\\ASMonitor.exe:*:Enabled:System"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\\eSKernel.exe"="E:\\eSKernel.exe:*:Enabled:Bbox assistant d'installation"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Bbox\\eSKernel.exe"="D:\\Program Files\\Bbox\\eSKernel.exe:*:Enabled:Bbox assistant d'installation"
"D:\\Program Files\\BboxUpdate\\BTLiveUpdate.exe"="D:\\Program Files\\BboxUpdate\\BTLiveUpdate.exe:*:Enabled:Bbox - Bouygues Telecom - Utilitaire de mise à jour"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sat 25 Oct 2008 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 11 Feb 2009 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 17 Jul 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\ffe45341c231bb2b0219bca9e5806a77\BIT1A.tmp"

[b]Finished![/b]
0

Anonymous user
21 May 2009 at 22:54
==> Download OAD (by Laur3n7!)

- Save it to your desktop

Double-click OAD to launch it

- file name to search for, type: ASMonitor
- Search type: select option 6 then confirm [enter]

OAD will now search for the file. Let it work until it has finished.
The search report will open automatically as soon as it is done.

- Copy/paste this report into your next post.

Important note: depending on the size of the hard disks, this search can take several minutes. Be patient

then:

Download: Gmer (by Przemyslaw Gmerek)


Unzip gmer, click on the rootkit tab, launch the scan, red lines will appear.

The red lines indicate the presence of a rootkit. Post me the gmer report (click on copy, then go to start, then open notepad, go to edit and click on paste, the gmer report will appear, post it to me)

Then

on the red lines:

Services: right-click delete service
Process: right-click kill process
Adl, file: right-click delete files
0
here's the OAD report:

21/05/2009 ---- 23:21:27,79

----------------------------------
§§§§§§ [ASMonitor ] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Anonymous user
21 May 2009 at 23:40
you copy/pasted an extra space, redo it by typing it in please
0
the GMER report is coming, it's a bit long because of Sims2 lol, too many sims2 downloads, patience... ;)
0
what? I didn't understand your thing about the space, sorry... what exactly do you want me to do? I'm not blonde though lol ;)
0
Anonymous user
21 May 2009 at 23:45
lol

redo the OAD part (after gMer) but typing ASMonitor instead of copy/pasting it

take a quick look at what ASMonitor is?

https://www.processlibrary.com/en/search?q=asmonitor
0
yes, I suspected what it was, plus that one wasn't even hidden, it showed up in "start" then "all programs", it's Actual Spy, or ACSP monitoring. Actually, as far as I can tell my ex installed 3 keyloggers on me (lol, to make sure it works!!) from memory: Actual Spy and rkfree, and the last one I don't remember the name, it actually dates from September 2008, I've slept a bit since then lol!! Ah yes, I think the last one was called secure files or something like that, and at first I didn't even know what a keylogger was, and to be honest I don't know anything about computers. The thing is he did his keylogger research from my PC and by chance I found the trace of his Google searches on my PC, lol!! I laugh about it now but at the time not at all, especially once I knew what a keylogger was lol! Anyway, since then I've been in paranoid mode lol! OK, GMER is still going and I'll take care of OAD afterwards ;) see you soon
0
Anonymous user
22 May 2009 at 00:00
yes, and to be safe you'll do two more OADs:

one with: rkfree

the other with: BPK
0
ok no worries, but GMER is still in the middle of its scan lol, between the sims2, all the expansions, all my sims2 downloads, my RPGs, rappelz and all my junk lol it's still hard at work, but don't worry, I'm still here ;)
0
Actually, for OAD (just to be sure), what you want is for me to copy it into notepad and then send it to you, is that right, or have I not understood anything?
0
Anonymous user
22 May 2009 at 00:32
lol, you need to copy/paste me the report you get for each of the words
0
here's the GMER report:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-22 00:35:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xF154A790]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xF154ADB0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xF15492A0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xF1557890]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateKey [0xF1555BB0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xF1548F50]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xF1546220]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xF15465F0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xF1545D40]
SSDT F7AD4344 ZwCreateThread
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xF1548230]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteFile [0xF1558320]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteKey [0xF1556160]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteValueKey [0xF1556AB0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDuplicateObject [0xF1548C70]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateKey [0xF1557830]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateValueKey [0xF1557860]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xF154A260]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadKey [0xF1556F00]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xF1557F30]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenKey [0xF15563A0]
SSDT F7AD4330 ZwOpenProcess
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xF1545FB0]
SSDT F7AD4335 ZwOpenThread
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xF154AA40]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryKey [0xF15577D0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryValueKey [0xF1557800]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xF154AF30]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwReplaceKey [0xF15572A0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xF1549E10]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRestoreKey [0xF1557500]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xF1548920]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSaveKey [0xF15577B0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xF1549660]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xF1548050]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetInformationFile [0xF15585E0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xF15483B0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetValueKey [0xF15563C0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xF154A160]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xF1548AD0]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xF1548750]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xF1548590]
SSDT F7AD433F ZwTerminateProcess
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xF1547E30]
SSDT \??\D:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xF154A480]
SSDT F7AD433A ZwWriteVirtualMemory

INT 0x62 ? 86572BF8
INT 0x63 ? 863DFBF8
INT 0x73 ? 86575BF8
INT 0x82 ? 86572BF8
INT 0x83 ? 86575BF8
INT 0xB4 ? 863DFBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [50, 8F, 54, F1, 20, 62, 54, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [D0, 8A, 54, F1, 50, 87, 54, ...]
? span.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F64078AC 5 Bytes JMP 863DF1D8
.text a3q8ifyx.SYS F5C97384 1 Byte [20]
.text a3q8ifyx.SYS F5C97384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a3q8ifyx.SYS F5C973AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a3q8ifyx.SYS F5C973C4 3 Bytes [00, 00, 00]
.text a3q8ifyx.SYS F5C973C9 1 Byte [00]
.text ...

---- User code sections - GMER 1.0.15 ----

.text D:\WINDOWS\system32\svchost.exe[240] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\WINDOWS\system32\csrss.exe[476] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\WINDOWS\system32\winlogon.exe[500] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\WINDOWS\system32\services.exe[544] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\WINDOWS\system32\lsass.exe[556] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\Program Files\Mozilla Firefox\firefox.exe[628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text D:\Program Files\Mozilla Firefox\firefox.exe[628] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Mozilla Firefox\firefox.exe[628] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\Mozilla Firefox\firefox.exe[628] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Mozilla Firefox\firefox.exe[628] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\system32\svchost.exe[716] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\WINDOWS\system32\svchost.exe[776] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\WINDOWS\System32\svchost.exe[840] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\WINDOWS\system32\svchost.exe[896] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\Program Files\Tall Emu\Online Armor\OAcat.exe[1096] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\Program Files\Tall Emu\Online Armor\oasrv.exe[1116] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text D:\Program Files\Tall Emu\Online Armor\oasrv.exe[1116] user32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0B001E
.text D:\Program Files\Tall Emu\Online Armor\oasrv.exe[1116] user32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F05001E
.text D:\WINDOWS\system32\spoolsv.exe[1276] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 716F003D
.text D:\Program Files\Tall Emu\Online Armor\OAhlp.exe[1452] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
.text D:\Program Files\Tall Emu\Online Armor\OAhlp.exe[1452] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Tall Emu\Online Armor\OAhlp.exe[1452] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0B001E
.text D:\Program Files\Tall Emu\Online Armor\OAhlp.exe[1452] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F05001E
.text D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1600] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\WINDOWS\System32\alg.exe[1620] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\WINDOWS\system32\nvsvc32.exe[1792] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2016] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2080] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
.text D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2080] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2080] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2080] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2080] user32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2080] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F100F5A
.text D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Bureau\gmer.exe[2188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Bureau\gmer.exe[2188] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Bureau\gmer.exe[2188] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Bureau\gmer.exe[2188] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Documents and Settings\Administrateur.XPSP2-EB005977F\Bureau\gmer.exe[2188] user32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\WINDOWS\system32\WgaTray.exe[2316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001
.text D:\WINDOWS\system32\WgaTray.exe[2316] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\system32\WgaTray.exe[2316] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\WINDOWS\system32\WgaTray.exe[2316] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\WINDOWS\system32\WgaTray.exe[2316] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01400001
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 10047D60 D:\Program Files\HiYo\bin\HiYo.dll
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 10047BC0 D:\Program Files\HiYo\bin\HiYo.dll
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 10047DA0 D:\Program Files\HiYo\bin\HiYo.dll
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 10047C90 D:\Program Files\HiYo\bin\HiYo.dll
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 100198E0 D:\Program Files\HiYo\bin\HiYo.dll
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] USER32.dll!CreateWindowExA 7E3AE4A9 5 Bytes JMP 100199C0 D:\Program Files\HiYo\bin\HiYo.dll
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2332] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 1006F800 D:\Program Files\HiYo\bin\HiYo.dll
.text D:\WINDOWS\Explorer.EXE[2416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text D:\WINDOWS\Explorer.EXE[2416] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\Explorer.EXE[2416] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\WINDOWS\Explorer.EXE[2416] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\WINDOWS\Explorer.EXE[2416] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Windows Live\Contacts\wlcomm.exe[2572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B50001
.text D:\Program Files\Windows Live\Contacts\wlcomm.exe[2572] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Windows Live\Contacts\wlcomm.exe[2572] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\Windows Live\Contacts\wlcomm.exe[2572] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Windows Live\Contacts\wlcomm.exe[2572] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2636] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2636] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2636] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2636] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2636] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F100F5A
.text D:\WINDOWS\system32\svchost.exe[2856] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\WINDOWS\System32\svchost.exe[3084] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001
.text D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3356] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3356] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3356] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F100F5A
.text D:\Program Files\HiYo\bin\HiYo.exe[3524] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text D:\Program Files\HiYo\bin\HiYo.exe[3524] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\HiYo\bin\HiYo.exe[3524] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\HiYo\bin\HiYo.exe[3524] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\HiYo\bin\HiYo.exe[3524] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Tall Emu\Online Armor\oaui.exe[3640] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01550001
.text D:\Program Files\Tall Emu\Online Armor\oaui.exe[3640] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Tall Emu\Online Armor\oaui.exe[3640] USER32.dll!LoadStringW 7E399E36 6 Bytes JMP 5F0B001E
.text D:\Program Files\Tall Emu\Online Armor\oaui.exe[3640] USER32.dll!LoadStringA 7E3AC908 6 Bytes JMP 5F05001E
.text D:\WINDOWS\system32\ctfmon.exe[3712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C10001
.text D:\WINDOWS\system32\ctfmon.exe[3712] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\WINDOWS\system32\ctfmon.exe[3712] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\WINDOWS\system32\ctfmon.exe[3712] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\WINDOWS\system32\ctfmon.exe[3712] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\Messenger\msmsgs.exe[3800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text D:\Program Files\Messenger\msmsgs.exe[3800] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Messenger\msmsgs.exe[3800] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\Messenger\msmsgs.exe[3800] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\Messenger\msmsgs.exe[3800] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3960] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3960] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3960] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3960] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F728A046] span.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728A142] span.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F728A0C4] span.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F728A7CE] span.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F728A6A4] span.sys
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!KfAcquireSpinLock] 00000034
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!READ_PORT_UCHAR] 0000008E
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!KeGetCurrentIrql] 00000043
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!KfRaiseIrql] 00000044
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!KfLowerIrql] 000000C4
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!HalGetInterruptVector] 000000DE
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!HalTranslateBusAddress] 000000E9
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!KeStallExecutionProcessor] 000000CB
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!KfReleaseSpinLock] 00000054
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007B
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!READ_PORT_USHORT] 00000094
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000032
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000A6
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[WMILIB.SYS!WmiSystemControl] 00000023
IAT \SystemRoot\System32\Drivers\a3q8ifyx.SYS[WMILIB.SYS!WmiCompleteRequest] 0000003D
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7295D7A] span.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F28BF300] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F28BF360] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F28BF610] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F28BF650] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F28BF610] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F28BF360] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F28BF300] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F28BF610] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F28BF650] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F28BF300] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F28BF360] \??\D:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865DD1F8
Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\usbohci \Device\USBPDO-0 863251F8
Device \Driver\usbehci \Device\USBPDO-1 863211F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865731F8
Device \Driver\dmio \Device\DmControl\DmConfig 865731F8
Device \Driver\dmio \Device\DmControl\DmPnP 865731F8
Device \Driver\dmio \Device\DmControl\DmInfo 865731F8
Device \Driver\PCI_PNP1564 \Device\00000046 span.sys
Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Ftdisk \Device\HarddiskVolume1 865E01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 865E01F8
Device \Driver\Cdrom \Device\CdRom0 863171F8
Device \Driver\Cdrom \Device\CdRom1 863171F8
Device \Driver\nvata \Device\00000069 865721F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 852C21F8
Device \Driver\NetBT \Device\NetbiosSmb 852C21F8
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\usbohci \Device\USBFDO-0 863251F8
Device \Driver\usbehci \Device\USBFDO-1 863211F8
Device \Driver\nvata \Device\NvAta0 865721F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 851A01F8
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 851A01F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{ABDF7806-8C5E-41D9-87FD-0CB142A0ABD4} 852C21F8
Device \Driver\Ftdisk \Device\FtControl 865E01F8
Device \Driver\sptd \Device\2683992814 span.sys
Device \Driver\a3q8ifyx \Device\Scsi\a3q8ifyx1Port3Path0Target0Lun0 8639C1F8
Device \Driver\nvgts \Device\Scsi\nvgts1 865DE1F8
Device \Driver\nvgts \Device\Scsi\nvgts2 865DE1F8
Device \Driver\a3q8ifyx \Device\Scsi\a3q8ifyx1 8639C1F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port1Path0Target0Lun0 865DE1F8
Device \FileSystem\Cdfs \Cdfs 8640C500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x85 0xAB 0x9A 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0x94 0x4F 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x40 0x5F 0x4A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x85 0xAB 0x9A 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0x94 0x4F 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x40 0x5F 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x85 0xAB 0x9A 0xF2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0x94 0x4F 0x5B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x02 0x40 0x5F 0x4A ...

---- EOF - GMER 1.0.15 ----
0
OK, but I pasted the OAD report for you and apparently there's a problem, so what do you want me to do? Do I redo the procedure, or something else like copying it into Notepad? But I don't think so, it's already in Notepad. In my opinion there was a problem, but I don't understand what exactly you want me to do. For now I'm talking about ACSP; then I'll do it for rkfree and file securer, or BKP or something like that. I'll go back over your post, but I'm waiting for your reply. Sorry if I'm slow on the uptake.
0
Anonymous user
22 May 2009 at 00:54
Didn't you get any red lines?
0
No, no red lines at all.
0