Rootkit in my system32!!

pelisse Posts: 2 Status: Member
VIRUS_KILLER Posts: 2075 Status: Contributor
Hello,

My antivirus, Avast (v4.8 Pro, up to date), tells me that a rootkit is located in windows/system32/drivers/asc3550p.sys.

I tried an anti-rootkit (GMER) that was recommended to me, but it doesn't seem to work well. I even tried various anti-spyware tools and other port and process viewers, but I don't know how to interpret all of it. Here are the various reports:

*********** Process inspection with procexp *****************

Process PID CPU Description Company Name
System Idle Process 0 96.97
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 836 Gestionnaire de session Windows NT Microsoft Corporation
csrss.exe 916 Client Server Runtime Process Microsoft Corporation
winlogon.exe 944 Application d'ouverture de session Windows NT Microsoft Corporation
services.exe 988 1.52 Applications Services et Contrôleur Microsoft Corporation
ati2evxx.exe 1180 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1196 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 2448 WMI Microsoft Corporation
WLXQuickTimeControlHost.exe 3804 Windows Live QuickTime Control Host Microsoft Corporation
svchost.exe 1288 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1336 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1440 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1472 Generic Host Process for Win32 Services Microsoft Corporation
aswUpdSv.exe 1888 avast! Antivirus updating service ALWIL Software
ashServ.exe 1972 avast! antivirus service ALWIL Software
spoolsv.exe 564 Spooler SubSystem App Microsoft Corporation
svchost.exe 1036 Generic Host Process for Win32 Services Microsoft Corporation
LSSrvc.exe 1552 Hewlett-Packard Company
MDM.EXE 1800 Machine Debug Manager Microsoft Corporation
PSIService.exe 228 nTitles PSIService
svchost.exe 628 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 660 Windows User Mode Driver Manager Microsoft Corporation
hpqwmiex.exe 1484 hpqwmiex Module Hewlett-Packard Development Company, L.P.
ashMaiSv.exe 2348 avast! e-Mail Scanner Service ALWIL Software
ashWebSv.exe 2492 avast! Web Scanner ALWIL Software
alg.exe 2800 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1000 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1584 ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 1920 1.52 Explorateur Windows Microsoft Corporation
jusched.exe 360 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
hpwuSchd2.exe 472 Hewlett-Packard Product Assistant Hewlett-Packard Co.
QPService.exe 576 HP QuickPlay Resident Program CyberLink Corp.
eabservr.exe 620 Quick Launch Buttons Hewlett-Packard
ashDisp.exe 668 avast! service GUI component ALWIL Software
rundll32.exe 688 Exécuter une DLL en tant qu'application Microsoft Corporation
SearchSettings.exe 768 Search Settings application Vendio Services, Inc.
GoogleDesktop.exe 860 Google Desktop Google
GoogleDesktop.exe 1808 Google Desktop Google
GoogleDesktop.exe 1364 Google Desktop Google
PicasaMediaDetector.exe 920 Picasa Google Inc.
NMBgMonitor.exe 1168 Nero Home Nero AG
GoogleToolbarNotifier.exe 1232 GoogleToolbarNotifier Google Inc.
ctfmon.exe 1492 CTF Loader Microsoft Corporation
msnmsgr.exe 1432 Windows Live Messenger Microsoft Corporation
LedWallpaper.exe 732 Logiciel de gestion d'image d'arrière plan LED
procexp.exe 3656 Sysinternals Process Explorer Sysinternals - www.sysinternals.com



************* Rootkit/malware search with GMER ***************

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-29 22:21:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE0A9D98]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE0A9CB8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE0AA12A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE0A98AA]
SSDT sptd.sys ZwEnumerateKey [0xF744ED1C]
SSDT sptd.sys ZwEnumerateValueKey [0xF744F0BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE0A9D2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE0A97C8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE0A983C]
SSDT sptd.sys ZwQueryKey [0xF744F194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE0A9E42]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE0A9E02]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE0A9F84]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload F672062C 5 Bytes JMP 865BD970
? System32\Drivers\a6apcwoy.SYS Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP111.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[1432] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F744AAB6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F744ABEE] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F744AB76] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F744B71C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F744B5F2] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F746F7AE] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 867D31D8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 863647F8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\usbohci \Device\USBPDO-0 865CE7F8
Device \Driver\usbohci \Device\USBPDO-1 865CE7F8
Device \Driver\usbehci \Device\USBPDO-2 865C4990
Device \Driver\NetBT \Device\NetBT_Tcpip_{13D2928C-A207-4603-B39C-7466F662CF5B} 86230990

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8676E1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DE6D3201-6175-4304-A592-295B4BC2477A} 86230990
Device \Driver\Ftdisk \Device\HarddiskVolume2 8676E1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 867D41D8
Device \Driver\atapi \Device\Ide\IdePort0 867D41D8
Device \Driver\atapi \Device\Ide\IdePort1 867D41D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 867D41D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8676E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8676E1D8
Device \Driver\USBSTOR \Device\00000083 8622A990
Device \Driver\NetBT \Device\NetBt_Wins_Export 86230990
Device \Driver\USBSTOR \Device\00000084 8622A990
Device \Driver\NetBT \Device\NetbiosSmb 86230990
Device \Driver\00000033 \Device\0000004d sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 865CE7F8
Device \Driver\usbohci \Device\USBFDO-1 865CE7F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8621A3D0
Device \Driver\usbehci \Device\USBFDO-2 865C4990
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8621A3D0
Device \Driver\Ftdisk \Device\FtControl 8676E1D8
Device \Driver\a6apcwoy \Device\Scsi\a6apcwoy1 864F2570
Device \Driver\a6apcwoy \Device\Scsi\a6apcwoy1Port2Path0Target0Lun0 864F2570
Device \FileSystem\Fastfat \Fat 863647F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 86220990

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2314
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2314@001237ad4081 0x50 0xBB 0x9E 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2314@0012373d0257 0xF6 0x8E 0x79 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2314@001bafa9bdf0 0x3E 0xB4 0x9D 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2314@001247e78d80 0x71 0x24 0x50 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2314@00192c10e675 0xE9 0xFC 0xDF 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2314@001adb380d4f 0x38 0x81 0xFE 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10a2314@001df6be0c4a 0xDD 0x7B 0xFA 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1969264452
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -715523829
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0xF0 0x47 0xD3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC1 0xAC 0x82 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x17 0xDA 0x1C 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2314
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2314@001237ad4081 0x50 0xBB 0x9E 0x14 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2314@0012373d0257 0xF6 0x8E 0x79 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2314@001bafa9bdf0 0x3E 0xB4 0x9D 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2314@001247e78d80 0x71 0x24 0x50 0x7B ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2314@00192c10e675 0xE9 0xFC 0xDF 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2314@001adb380d4f 0x38 0x81 0xFE 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b10a2314@001df6be0c4a 0xDD 0x7B 0xFA 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0xF0 0x47 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC1 0xAC 0x82 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x17 0xDA 0x1C 0x48 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 67
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 20
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.14 ----


************ Search for hidden and infected files with catchme ****************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


*********** Spyware and malware search with A-Squared ***************

Version - a-squared Free 3.5
Dernière mise à jour : N/A

Paramètres du Scan :

Éléments : Mémoire, Traces, Cookies, C:\, D:\, F:\
Analyse les archives : Marche
Analyse heuristiques : Marche
Analyse ADS : Marche

Début de l'analyse : 29/04/2008 22:58:48

Value: HKEY_CLASSES_ROOT\CLSID\{33337170-F789-11CE-86F8-0020AFD8C6DB}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.SGOOPE
Value: HKEY_CLASSES_ROOT\CLSID\{03C4C5F4-1893-444C-B8D8-002F0034DA92}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{11E2BC0C-5D4F-4E0C-B438-501FFE05A382}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{37587889-FC28-4507-B6D3-8557305F7511}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{4A5E947E-C407-4DCC-A0B5-5658E457153B}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{4FD5C4D3-6C15-4EA0-9EB9-EEE8FC74A91B}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{620D55B0-F2FB-464E-A278-B4308DB1DB2B}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{741BEEFD-AEC0-4AFF-84AF-4F61D15F5526}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{7A41359E-0407-470F-B3F7-7C6A0F7C449A}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{7C4A630A-DE98-4E3E-8093-E8F5E159BB72}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{7ED1E9B1-CB57-4FA0-84E8-FAE653FE8E6B}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{A6931B16-90FA-4D69-A49F-3ABFA2C04060}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{C5AA36A1-8BD1-47E0-90F8-47E7239C6EA1}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_CLASSES_ROOT\CLSID\{FA2CBAFB-F7B1-4F41-9B7A-73329A6C1CB7}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C4C5F4-1893-444C-B8D8-002F0034DA92}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11E2BC0C-5D4F-4E0C-B438-501FFE05A382}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37587889-FC28-4507-B6D3-8557305F7511}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A5E947E-C407-4DCC-A0B5-5658E457153B}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4FD5C4D3-6C15-4EA0-9EB9-EEE8FC74A91B}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{620D55B0-F2FB-464E-A278-B4308DB1DB2B}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{741BEEFD-AEC0-4AFF-84AF-4F61D15F5526}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A41359E-0407-470F-B3F7-7C6A0F7C449A}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C4A630A-DE98-4E3E-8093-E8F5E159BB72}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ED1E9B1-CB57-4FA0-84E8-FAE653FE8E6B}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6931B16-90FA-4D69-A49F-3ABFA2C04060}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5AA36A1-8BD1-47E0-90F8-47E7239C6EA1}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA2CBAFB-F7B1-4F41-9B7A-73329A6C1CB7}\InprocServer32 --> ThreadingModel Objets détectés : Trace.Registry.Spam Blocker Utility
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> Changed Objets détectés : Trace.Registry.Warez P2P Faster Accelerator
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Download Accelerator Plus (DAP) --> SlowInfoCache Objets détectés : Trace.Registry.Warez P2P Faster Accelerator
C:\Documents and Settings\Wilfried\Cookies\wilfried@247realmedia[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@2o7[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@adserver.aol[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@adtech[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@advertising[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@adviva[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@as1.falkag[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@atdmt[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@bluestreak[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@bs.serving-sys[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@casalemedia[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@com[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@countus.get.kadserver[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@doubleclick[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@fastclick[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@fl01.ct2.comclick[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@goclick[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@hitbox[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@hotlog[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@linksys[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@linksys[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@media.adrevolver[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@mediaplex[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@questionmarket[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@serving-sys[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@sexe-blogger[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@sexlist[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@sexyavenue[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@smartadserver[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@specificclick[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@spylog[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@statcounter[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@tradedoubler[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@tribalfusion[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@valueclick[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@weborama[2].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@www.cibleclick[1].txt Objets détectés : Trace.TrackingCookie
C:\Documents and Settings\Wilfried\Cookies\wilfried@zedo[2].txt Objets détectés : Trace.TrackingCookie
C:\Chessmaster 8000\INJECT.EXE Objets détectés : Worm.Win32.Anilogo.b
C:\Documents and Settings\Wilfried\Mes documents\My Completed Downloads\3gp-video-converter.exe Objets détectés : Riskware.FraudTool.Win32.SpywareDetector.d
C:\Program Files\Multimédia\CloneDVD2\Clone DVD 2.8.2.1 Patch.exe Objets détectés : P2P-Worm.Win32.VB.eg

Analysé

Fichiers : 269976
Traces : 399286
Cookies : 380
Processus : 47

Objets trouvés

Fichiers : 3
Traces : 29
Cookies : 38
Processus : 0
Clés du Registre : 0

Fin de l'analyse : 30/04/2008 00:52:04
Temps de l'analyse : 1:53:16

NB: I quarantined the 70 items I found with A-Squared.

Can someone explain to me what all this means and what needs to be done?

THANKS IN ADVANCE!!!!!!!!!



Configuration: Windows XP SP2
Browser: Internet Explorer 7
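As an added example (not from the original post and not GMER's own code), here is a small Python triage script that reads GMER report lines of the kinds shown above and groups SSDT and kernel IAT hooks by the module that installed them. GMER prints the hooking file's description and vendor in parentheses when it can read them, so the script separates attributed hookers from unattributed ones and also collects drivers GMER could not open. The sample input is a constructed subset of lines excerpted from the report above; `parse_report`, `triage` and `basename` are names chosen here, not GMER functions. Read against this report, avast's own aswSP.SYS accounts for most SSDT entries, while sptd.sys (which the registry section of the same report ties to a DAEMON Tools install path) and the a6apcwoy driver GMER could not open are the entries an analyst would attribute by path, signature and installer before calling anything a rootkit.

```python
"""Triage summary for a GMER 1.0.14 text report (hypothetical helper, not a GMER feature)."""
import re
from collections import defaultdict

# Constructed subset of lines excerpted from the GMER report posted above,
# reduced to the line types this parser handles (other types are ignored).
SAMPLE_REPORT = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE0A9D98]
SSDT sptd.sys ZwEnumerateKey [0xF744ED1C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE0A97C8]
SSDT sptd.sys ZwQueryKey [0xF744F194]
.text USBPORT.SYS!DllUnload F672062C 5 Bytes JMP 865BD970
? System32\Drivers\a6apcwoy.SYS Le fichier spécifié est introuvable. !
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F744AAB6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F746F7AE] sptd.sys
Device \Driver\a6apcwoy \Device\Scsi\a6apcwoy1 864F2570
"""

# SSDT <module> [(description/vendor)] <ZwFunction> [0xADDRESS]
SSDT_RE = re.compile(r"^SSDT\s+(\S+)(?:\s+\((.+?)\))?\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
# IAT <victim>[<dll!import>] [ADDRESS] <hooking module>
IAT_RE = re.compile(r"^IAT\s+([^\[\s]+)\[([^\]]+)\]\s+\[([0-9A-Fa-f]+)\]\s+(\S+)$")
# .text <symbol> <address> <n> Bytes <patch>
TEXT_RE = re.compile(r"^\.text\s+(\S+)\s+([0-9A-Fa-f]+)\s+(\d+)\s+Bytes\s+(.+)$")
# ? <driver> <error text GMER printed when it could not read the file>
UNREADABLE_RE = re.compile(r"^\?\s+(\S+)\s+(.*)$")


def basename(path):
    # GMER mixes bare names (sptd.sys) and NT paths (\SystemRoot\...); normalise to the file name
    return path.replace("/", "\\").split("\\")[-1].lower()


def parse_report(text):
    summary = {
        "ssdt": defaultdict(list),   # hooking module -> [Zw function, ...]
        "iat": defaultdict(list),    # hooking module -> ["victim!dll!import", ...]
        "inline": [],                # (patched symbol, byte count, patch description)
        "unreadable": [],            # (driver, GMER's error text)
        "described": {},             # hooking module -> description/vendor GMER printed
    }
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            mod = basename(m.group(1))
            summary["ssdt"][mod].append(m.group(3))
            if m.group(2):
                summary["described"][mod] = m.group(2)
            continue
        m = IAT_RE.match(line)
        if m:
            summary["iat"][basename(m.group(4))].append(f"{basename(m.group(1))}!{m.group(2)}")
            continue
        m = TEXT_RE.match(line)
        if m:
            summary["inline"].append((m.group(1), int(m.group(3)), m.group(4)))
            continue
        m = UNREADABLE_RE.match(line)
        if m:
            summary["unreadable"].append((basename(m.group(1)), m.group(2)))
    return summary


def triage(summary):
    """Return the modules that need attribution before the report can be judged.

    A module that hooks the SSDT or a kernel IAT without a description GMER could
    read, or a driver GMER could not open at all, is what an analyst identifies
    first (by path, signature and installer) rather than assuming it is malicious.
    """
    hookers = set(summary["ssdt"]) | set(summary["iat"])
    unattributed = sorted(h for h in hookers if h not in summary["described"])
    unreadable = sorted({mod for mod, _ in summary["unreadable"]})
    return {"unattributed_hookers": unattributed, "unreadable_drivers": unreadable}


if __name__ == "__main__":
    s = parse_report(SAMPLE_REPORT)
    for mod, funcs in s["ssdt"].items():
        tag = s["described"].get(mod, "no description read by GMER")
        print(f"SSDT hooks by {mod} ({tag}): {', '.join(funcs)}")
    for mod, imports in s["iat"].items():
        print(f"IAT hooks by {mod}: {', '.join(imports)}")
    for symbol, nbytes, patch in s["inline"]:
        print(f"inline patch: {symbol} ({nbytes} bytes) {patch}")
    print(triage(s))
```

Running the script prints two SSDT hookers (aswSP.SYS with its avast description, sptd.sys without one), the kernel IAT entries that all point back to sptd.sys, the 5-byte USBPORT.SYS patch, and a triage dict naming sptd.sys as the unattributed hooker and a6apcwoy.sys as the driver to locate on disk. To use it on a full report, replace SAMPLE_REPORT with the file's contents; lines of other types (Device, Reg, AttachedDevice) are skipped.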

1 reply

VIRUS_KILLER Posts: 2075 Status: Contributor

Hi,
You could maybe try AVG AntiRootkit, offered by Grisoft:
http://ftpclubic40.clubic.com/...

Update it and run a scan.