Virus Ohrda1.Dll Impossible de s'en debarasse
Résolu
Oli_G
-
Oli_G Messages postés 57 Statut Membre -
Oli_G Messages postés 57 Statut Membre -
Virus/trojan - Ohrda1.dll -
Voila j'ai depuis cette aprem ce virus, ou trojan, qui me cause des soucis.
Tout d'abord chaque fois que je veux acceder a mes fichiers ou windows explorer j'ai un message d'alert de mon anti virus.
J'ai regarde sur le net des post sur ce virus, je n'ai rien trouve a part des pages italiennes et un post sur ce forum, que j'ai essaye de suivre, mais je n'arrive pas a lancer blacklight il me refuse l'acces. de meme j'ai essaye d'acceder a des pages web notamment pour telecharger un anti virus prevx, malheureusement le virus me refuse l'acces et j'obtiens a tout les coup une erreur 404.
Bon j'ai reussi a telecharger et faire marcher Hijackthis, mais je sais pas comment proceder pour eliminer ce virus.
Voici le LOG :
Logfile of HijackThis v1.99.1
Scan saved at 21:04:41, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\AOL\1157408391\ee\AOLSoftware.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\fichiers communs\aol\1157408391\ee\aim6.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Olivier Glantschnig\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {346D8699-DAC7-DD78-5CD4-CA50A929983C} - C:\WINDOWS\ohrda1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msoff.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157408391\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: RapidShare-Download - res://D:\rppv4_-_43in1__AIO_\RapidShare - the way YOU like it!\more-rapid.exe/RsMenExt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371290.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogEjn - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\lpt9.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
merci pour votre Aide!
Voila j'ai depuis cette aprem ce virus, ou trojan, qui me cause des soucis.
Tout d'abord chaque fois que je veux acceder a mes fichiers ou windows explorer j'ai un message d'alert de mon anti virus.
J'ai regarde sur le net des post sur ce virus, je n'ai rien trouve a part des pages italiennes et un post sur ce forum, que j'ai essaye de suivre, mais je n'arrive pas a lancer blacklight il me refuse l'acces. de meme j'ai essaye d'acceder a des pages web notamment pour telecharger un anti virus prevx, malheureusement le virus me refuse l'acces et j'obtiens a tout les coup une erreur 404.
Bon j'ai reussi a telecharger et faire marcher Hijackthis, mais je sais pas comment proceder pour eliminer ce virus.
Voici le LOG :
Logfile of HijackThis v1.99.1
Scan saved at 21:04:41, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\AOL\1157408391\ee\AOLSoftware.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\fichiers communs\aol\1157408391\ee\aim6.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Olivier Glantschnig\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {346D8699-DAC7-DD78-5CD4-CA50A929983C} - C:\WINDOWS\ohrda1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msoff.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1157408391\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: RapidShare-Download - res://D:\rppv4_-_43in1__AIO_\RapidShare - the way YOU like it!\more-rapid.exe/RsMenExt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371290.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogEjn - Unknown owner - \\?\C:\Program Files\Fichiers communs\System\lpt9.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
merci pour votre Aide!
A voir également:
- Virus Ohrda1.Dll Impossible de s'en debarasse
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Softonic virus ✓ - Forum Virus
- Impossible de terminer l'opération car le fichier contient un virus - Forum Virus
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
93 réponses
re,
j'attends la réponse de Malekal mais pour moi, gromozon n'est plus présent!
à toi de me dire Malekak!
a+
j'attends la réponse de Malekal mais pour moi, gromozon n'est plus présent!
à toi de me dire Malekak!
a+
Rapport Gmer :
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-28 19:15:26
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT pxfsf.sys ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 23A4 805010A8 8 Bytes [ 6F, 78, 31, F7, D0, 28, 77, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23B4 805010B8 24 Bytes [ 79, 78, 31, F7, 83, 78, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 805010D4 16 Bytes [ D0, A0, 77, EE, BF, 78, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805010E8 8 Bytes [ 60, 2C, 77, EE, E0, 8E, 77, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23ED 805010F1 3 Bytes [ 91, 77, EE ]
.text ...
.text USBPORT.SYS!DllUnload F700B62C 5 Bytes JMP 864415B0
---- User code sections - GMER 1.0.12 ----
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 270018E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001860 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001A00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001A90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001650 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003510 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003020 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004BC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 27004760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 270048E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004D20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!send 719F428A 5 Bytes JMP 27009360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 27009150 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!recv 719F615A 5 Bytes JMP 27008FC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 270094E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 270096F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 5 Bytes JMP 27002960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 27001AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 27001BF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!InternetCloseHandle 771BE85D 5 Bytes JMP 27008230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!HttpOpenRequestA 771C160A 5 Bytes JMP 27007F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 270080B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 27008180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 867CF1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 865361D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EE7842A0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CREATE 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CLOSE 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_INTERNAL_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CLEANUP 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_PNP 864164E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 86511980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 862F3980
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EE7842A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867631D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D01D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-28 19:15:26
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT pxfsf.sys ZwAlertResumeThread
SSDT pxfsf.sys ZwAllocateUserPhysicalPages
SSDT pxfsf.sys ZwAllocateVirtualMemory
SSDT pxfsf.sys ZwClose
SSDT pxfsf.sys ZwCompactKeys
SSDT pxfsf.sys ZwCompressKey
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT pxfsf.sys ZwCreateDirectoryObject
SSDT pxfsf.sys ZwCreateEvent
SSDT pxfsf.sys ZwCreateEventPair
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT pxfsf.sys ZwCreateIoCompletion
SSDT pxfsf.sys ZwCreateJobObject
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT pxfsf.sys ZwCreateMailslotFile
SSDT pxfsf.sys ZwCreateMutant
SSDT pxfsf.sys ZwCreateNamedPipeFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT pxfsf.sys ZwCreateSemaphore
SSDT pxfsf.sys ZwCreateSymbolicLinkObject
SSDT pxfsf.sys ZwCreateThread
SSDT pxfsf.sys ZwCreateTimer
SSDT pxfsf.sys ZwCreateToken
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT pxfsf.sys ZwDeviceIoControlFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT pxfsf.sys ZwEnumerateKey
SSDT pxfsf.sys ZwEnumerateValueKey
SSDT pxfsf.sys ZwFreeUserPhysicalPages
SSDT pxfsf.sys ZwFreeVirtualMemory
SSDT pxfsf.sys ZwImpersonateAnonymousToken
SSDT pxfsf.sys ZwImpersonateThread
SSDT pxfsf.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT pxfsf.sys ZwLoadKey2
SSDT pxfsf.sys ZwLockRegistryKey
SSDT pxfsf.sys ZwLockVirtualMemory
SSDT pxfsf.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT pxfsf.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT pxfsf.sys ZwOpenProcessToken
SSDT pxfsf.sys ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT pxfsf.sys ZwOpenThreadToken
SSDT pxfsf.sys ZwProtectVirtualMemory
SSDT pxfsf.sys ZwQueryInformationProcess
SSDT pxfsf.sys ZwQueryInformationThread
SSDT pxfsf.sys ZwQueryKey
SSDT pxfsf.sys ZwQueryMultipleValueKey
SSDT pxfsf.sys ZwQueryOpenSubKeys
SSDT pxfsf.sys ZwQueryValueKey
SSDT pxfsf.sys ZwQueueApcThread
SSDT pxfsf.sys ZwReadFile
SSDT pxfsf.sys ZwReadVirtualMemory
SSDT pxfsf.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT pxfsf.sys ZwResumeProcess
SSDT pxfsf.sys ZwResumeThread
SSDT pxfsf.sys ZwSaveKey
SSDT pxfsf.sys ZwSaveKeyEx
SSDT pxfsf.sys ZwSaveMergedKeys
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT pxfsf.sys ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT pxfsf.sys ZwSetInformationKey
SSDT pxfsf.sys ZwSetInformationProcess
SSDT pxfsf.sys ZwSetInformationThread
SSDT pxfsf.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT pxfsf.sys ZwSuspendProcess
SSDT pxfsf.sys ZwSuspendThread
SSDT pxfsf.sys ZwSystemDebugControl
SSDT pxfsf.sys ZwTerminateJobObject
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT pxfsf.sys ZwTerminateThread
SSDT pxfsf.sys ZwUnloadDriver
SSDT pxfsf.sys ZwUnloadKey
SSDT pxfsf.sys ZwUnloadKeyEx
SSDT pxfsf.sys ZwUnlockVirtualMemory
SSDT pxfsf.sys ZwUnmapViewOfSection
SSDT pxfsf.sys ZwWriteFile
SSDT pxfsf.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 23A4 805010A8 8 Bytes [ 6F, 78, 31, F7, D0, 28, 77, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23B4 805010B8 24 Bytes [ 79, 78, 31, F7, 83, 78, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23D0 805010D4 16 Bytes [ D0, A0, 77, EE, BF, 78, 31, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805010E8 8 Bytes [ 60, 2C, 77, EE, E0, 8E, 77, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 23ED 805010F1 3 Bytes [ 91, 77, EE ]
.text ...
.text USBPORT.SYS!DllUnload F700B62C 5 Bytes JMP 864415B0
---- User code sections - GMER 1.0.12 ----
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 270018E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001860 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001A00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001A90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001650 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003510 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003020 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004BC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 27004760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 270048E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004D20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!send 719F428A 5 Bytes JMP 27009360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 27009150 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!recv 719F615A 5 Bytes JMP 27008FC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 270094E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 270096F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 5 Bytes JMP 27002960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 27001AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 27001BF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!InternetCloseHandle 771BE85D 5 Bytes JMP 27008230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!HttpOpenRequestA 771C160A 5 Bytes JMP 27007F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 270080B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[696] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 27008180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 867CF1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 867CF1D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 865361D8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 865361D8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 865361D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EE7842A0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CREATE 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CLOSE 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_INTERNAL_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_CLEANUP 864164E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0DF44C1-0D4C-4ECE-ACF2-5C500683358A} IRP_MJ_PNP 864164E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 86511980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 86511980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 862F3980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 862F3980
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EE7842A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EE7842A0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867631D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867631D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D01D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 864164E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonsoir tout le monde
Merci salwa d'avoir posé cette question ( à tester absolument ) :
« d'apres ce que j'ai compris cette infection bloque certain programe , es possible de contourner ca en renommant le programe en question , comme par exemple renomer gmer en abcd ??? »
Bonne chance
Al.
Merci salwa d'avoir posé cette question ( à tester absolument ) :
« d'apres ce que j'ai compris cette infection bloque certain programe , es possible de contourner ca en renommant le programe en question , comme par exemple renomer gmer en abcd ??? »
Bonne chance
Al.
Bonsoir à tous,
Oli_G, as tu toujours accès à tous les utilitaires cités tout au long de ce sujet?
Peux tu passer un scan en ligne ici:
http://www.bitdefender.fr/scan8/ie.html
et poster le rapport!
Pour Al, j'ai déjà répondu que ça ne servait à rien de renommer Gmer!!
a+
Oli_G, as tu toujours accès à tous les utilitaires cités tout au long de ce sujet?
Peux tu passer un scan en ligne ici:
http://www.bitdefender.fr/scan8/ie.html
et poster le rapport!
Pour Al, j'ai déjà répondu que ça ne servait à rien de renommer Gmer!!
a+
Oauis j'ai acces a tous les programmes etc...
Encore un truc Bitdefender.... Ecoute j'ai Bitdefender sur mon Ordi, c'est pas efficace. Il ne m'a pas protege, alors le scan online de chez eux....
Voila.
Encore un truc Bitdefender.... Ecoute j'ai Bitdefender sur mon Ordi, c'est pas efficace. Il ne m'a pas protege, alors le scan online de chez eux....
Voila.
re,
le scan on line de bitdefender est très intéressant!
je voudrais voir le rapport qu'il montrera!
a+
le scan on line de bitdefender est très intéressant!
je voudrais voir le rapport qu'il montrera!
a+
Rapport Bitdefender :
BitDefender Online Scanner
Rapport d'analyse généré à: Mon, Jan 29, 2007 - 00:51:41
Voie d'analyse: C:\;D:\;
Statistiques
Temps
02:07:27
Fichiers
450779
Directoires
7825
Secteurs de boot
4
Archives
19197
Paquets programmes
40789
Résultats
Virus identifiés
0
Fichiers infectés
0
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
0
Info sur les moteurs
Définition virus
394334
Version des moteurs
AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Analyse des plugins
14
Archive des plugins
38
Unpack des plugins
6
E-mail plugins
6
Système plugins
1
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
*;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
Aucun virus trouvé.
BitDefender Online Scanner
Rapport d'analyse généré à: Mon, Jan 29, 2007 - 00:51:41
Voie d'analyse: C:\;D:\;
Statistiques
Temps
02:07:27
Fichiers
450779
Directoires
7825
Secteurs de boot
4
Archives
19197
Paquets programmes
40789
Résultats
Virus identifiés
0
Fichiers infectés
0
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
0
Info sur les moteurs
Définition virus
394334
Version des moteurs
AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Analyse des plugins
14
Archive des plugins
38
Unpack des plugins
6
E-mail plugins
6
Système plugins
1
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
*;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
Aucun virus trouvé.
re,
donc ça conforte mon point de vue!
la bébéte est morte!
Le pc tourne normalement?
Aucune alerte?
a+
donc ça conforte mon point de vue!
la bébéte est morte!
Le pc tourne normalement?
Aucune alerte?
a+
Tout tourne merveilleusement, j'ai comme l'impression qu'il tourne plus rapidement, les problemes que j'avais avec ie7 ont disparus ( il etait lent ), plus aucune alerte, stabilite 100%. bref tout pour le mieux dans le meilleur des mondes :)
Merci Encore a toi Did71 et a Malekal!
je sais pas comment vous remercier!!!!
Merci Encore a toi Did71 et a Malekal!
je sais pas comment vous remercier!!!!
