[solved] Google redirecting to google or to trojans

Forum: Sécurité et virus (Security and viruses)
22 April 2010 12:06:20

Hello,
I'm at my wits' end. I'm on Windows XP, with Avast antivirus and Mozilla, and during my Google searches I keep getting redirected to trojans that Avast detects. I've run various scans with Ad-Aware, Spybot and Malwarebytes, which found some malware, but my problem still isn't solved. I've also done online scans with Panda and BitDefender, with no further result.
So I'm turning to you in the hope that you can help me. Thank you, thank you in advance.


22 April 2010 12:20:25

Hi

Do this:

Download to the desktop
DDS

= Double-click it to launch it
= A window opens
= Wait for it to finish
= Copy the DDS.txt report that opens in Notepad
to do that ==> Edit ==> Select all
and in the highlighted part ==> right-click ==> copy

Paste the contents of the report into your new thread
22 April 2010 12:25:08

Here it is:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Yann at 12:22:48,90 on 22/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1535.979 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Yann\Mes documents\Téléchargements\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\yann\menudm~1\progra~1\dmarra~1\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
IE: Ajouter au fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {11FC12D0-1A72-12D2-992D-5BC14F992BC7} - c:\windows\system32\javan.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\yann\applic~1\mozilla\firefox\profiles\jkv46hra.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2005-11-10 102400]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-5 162768]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-5 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-5 40384]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c9a54c67ddfcce;Service Google Update (gupdate1c9a54c67ddfcce);c:\program files\google\update\GoogleUpdate.exe [2009-3-15 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-5 1265264]

=============== Created Last 30 ================

2010-04-22 09:27:00 0 d-----w- c:\docume~1\yann\applic~1\Malwarebytes
2010-04-22 09:26:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-22 09:26:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-22 09:26:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 09:26:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 09:16:01 0 d-----w- c:\program files\trend micro
2010-04-22 09:02:36 0 d-----w- c:\docume~1\yann\applic~1\QuickScan
2010-04-18 18:50:02 0 d-----w- c:\docume~1\yann\applic~1\DAEMON Tools Pro
2010-04-18 18:48:52 0 d-----w- c:\program files\Hide The IP 2010
2010-04-17 10:32:33 0 d-----w- c:\docume~1\yann\applic~1\CheeseSoft
2010-04-17 10:32:13 0 d-----w- c:\program files\FinalUninstaller
2010-04-17 10:27:34 0 d-----w- c:\windows\pss
2010-04-17 09:44:40 0 d-----w- c:\program files\Panda Security
2010-04-07 17:11:43 0 d-----w- c:\docume~1\yann\applic~1\SlipStream
2010-04-05 20:57:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-05 20:00:56 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{52AC600B-5800-407E-99FF-83CD0669760B}
2010-04-05 17:43:38 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-05 17:43:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-05 15:34:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

==================== Find3M ====================

2010-03-28 15:58:53 540222 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-28 15:58:52 97400 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-11 12:34:41 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:34:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:34:30 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:10:23 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-28 16:17:22 46 ----a-w- c:\documents and settings\yann\index.dat
2010-02-25 10:12:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:07:06 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:07:06 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:34:07 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-03-26 16:41:08 56 --sh--r- c:\windows\system32\F6429C6689.sys
2009-03-26 16:41:08 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-12-30 17:41:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008122220081229\index.dat
2008-12-30 17:41:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008123020081231\index.dat

============= FINISH: 12:23:43,87 ===============
22 April 2010 12:29:54

You can uninstall Spybot and Ad-Aware.
I see you have traces of Kaspersky? Did you uninstall it properly?

Could I have the Malwarebytes reports?
22 April 2010 12:37:10

I've just uninstalled Spybot and Ad-Aware. As for Kaspersky (version 10 trial), I think I uninstalled it properly, but before that I'd had problems with version 9 (the PC started becoming unstable) and I had a lot of trouble uninstalling it completely (I used a program from the internet for that).
Anyway, here's the Malwarebytes report:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4021

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

22/04/2010 11:40:46
mbam-log-2010-04-22 (11-40-46).txt

Scan type: Quick scan
Objects scanned: 119955
Time elapsed: 12 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\Documents and Settings\Yann\Local Settings\Temp\Setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Malwarebytes.Anti-Malware.v1.33.Multilangages.Incl-Keygen.[emule-island.com].rar (Dont.Steal.Our.Software.S) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
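The log above shows the classic Zeus/Zbot persistence on Windows XP: the Winlogon Userinit value was extended with C:\WINDOWS\system32\sdra64.exe, so the trojan was started at every logon, and system32\lowsec\ held the local.ds and user.ds files flagged as Stolen.data. The script below is an added example, not part of this thread and not code from Malwarebytes: it checks a Userinit value for anything other than userinit.exe and scans a file listing for the same artefacts. The Userinit values and the file listing are constructed to match the log, and the function names are mine.

```python
# The only component a clean Windows XP Userinit value contains; Windows
# stores it with a trailing comma: "C:\WINDOWS\system32\userinit.exe,"
EXPECTED_USERINIT = "userinit.exe"

# Zeus/Zbot 1.x artefacts reported in the Malwarebytes log above.
ZBOT_ARTEFACTS = (
    r"system32\sdra64.exe",
    r"system32\lowsec\local.ds",
    r"system32\lowsec\user.ds",
)


def parse_userinit(value):
    """Split a Winlogon\\Userinit value into its non-empty, comma-separated components."""
    return [part.strip() for part in value.split(",") if part.strip()]


def userinit_extras(value):
    """Return every component that is not the legitimate userinit.exe.

    Winlogon runs each listed program at every interactive logon, which is
    exactly how sdra64.exe persisted on this machine.
    """
    extras = []
    for component in parse_userinit(value):
        basename = component.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename != EXPECTED_USERINIT:
            extras.append(component)
    return extras


def zbot_artefacts_present(paths):
    """Return the entries of ZBOT_ARTEFACTS that appear (case-insensitively) in `paths`."""
    lowered = [p.lower().replace("/", "\\") for p in paths]
    return [art for art in ZBOT_ARTEFACTS
            if any(p.endswith(art.lower()) for p in lowered)]


def read_userinit_from_registry():
    """Read the live Userinit value; only works on Windows (returns None elsewhere)."""
    try:
        import winreg  # standard library, Windows only
    except ImportError:
        return None
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon")
    try:
        value, _ = winreg.QueryValueEx(key, "Userinit")
    finally:
        winreg.CloseKey(key)
    return value


# Constructed samples: the hijacked value quoted in the log, and a clean one.
HIJACKED = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"
CLEAN = r"C:\WINDOWS\system32\userinit.exe,"

# Constructed listing standing in for a recursive directory listing of system32.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\userinit.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\system32\sdra64.exe",
    r"C:\WINDOWS\system32\lowsec\local.ds",
    r"C:\WINDOWS\system32\lowsec\user.ds",
]

if __name__ == "__main__":
    print("extra Userinit components (hijacked sample):", userinit_extras(HIJACKED))
    print("extra Userinit components (clean sample):", userinit_extras(CLEAN))
    live = read_userinit_from_registry()
    if live is not None:
        print("extra Userinit components (this machine):", userinit_extras(live))
    print("Zbot artefacts in listing:", zbot_artefacts_present(SAMPLE_LISTING))
```

A Userinit value with anything besides userinit.exe is worth treating as a hijack until proven otherwise; on an infected machine the registry read should be done from a clean boot environment, since the running trojan can restore the value.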
22 April 2010 12:41:08

Several things!

Malwarebytes is FREE software, I don't see the point of going to get it on eMule, which on top of that could be full of viruses. Don't do that again! :pfff:

You had a Zbot, a pretty nasty thing. I hope you haven't done any banking transactions since...

There is indeed a redirection, we'll go about this gently.

Download to the desktop
Hijackthis

= Double-click it
= Click Do a system scan and save the log
= copy the report, paste it in the reply
22 April 2010 12:50:07

I didn't go and get Malwarebytes on eMule, I downloaded it shortly before posting my topic, from a link on this forum in a similar thread.
I haven't done any banking transactions since... phew! thanks for the info
Here's the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:50, on 22/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Yann\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.onspeed.com/pac/?id=08410bbf0638b7a47a2a3260...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1c9a54c67ddfcce) (gupdate1c9a54c67ddfcce) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 7369 bytes
22 April 2010 12:52:37

However, earlier (about a fortnight ago), looking at the log above, I tried many solutions and I did indeed download from eMule various programs recommended for eradicating the threats on my computer. Still without success... I won't do it again...
22 April 2010 14:07:33

Tut tut! :pfff:  I'm not making anything up:

Quote:
C:\Program Files\eMule\Incoming\Malwarebytes.Anti-Malware.v1.33.Multilangages.Incl-Keygen.[emule-island.com].rar (Dont.Steal.Our.Software.S) -> Quarantined and deleted successfully.

Run HijackThis again
= "Do a system scan only"
= tick the following lines:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.onspeed.com/pac/?id=084 [...] 6097b4b4f4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

= click Fix checked
= Run HijackThis again to check that they're gone.

-------

Update Avast to version 5

Tell me if you still get redirections
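The three lines the helper has the user fix are the proxy plumbing that makes a browser-wide redirection possible: AutoConfigURL points at a remote PAC script that picks the proxy for every URL the browser loads, ProxyServer = socks= names a SOCKS proxy with an empty address, and ProxyOverride is the bypass list, so only plimus.com and regnow.com are reached directly while everything else, Google searches included, is routed according to the PAC script. The script below is an added example and not part of this thread or of HijackThis: it pulls those values out of HijackThis R1 lines and applies bypass-list matching to a few URLs. The sample log lines are copied from the report above (the PAC URL is kept truncated exactly as the report shows it); the function names, and accepting ',' as well as Internet Explorer's usual ';' separator in ProxyOverride, are my assumptions.

```python
import re
from urllib.parse import urlsplit

# HijackThis R0/R1 line for a registry value, e.g.
# R1 - HKCU\Software\...\Internet Settings,AutoConfigURL = http://...
R1_RE = re.compile(
    r"^R[01] - (?P<key>HK\w+\\[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$"
)

# Internet Settings values that decide where every browser request goes.
PROXY_VALUES = {"AutoConfigURL", "ProxyServer", "ProxyOverride"}


def parse_r1(lines):
    """Yield (key, name, data) for each R0/R1 line in a HijackThis log."""
    for line in lines:
        m = R1_RE.match(line.strip())
        if m:
            yield m.group("key"), m.group("name").strip(), m.group("data").strip()


def proxy_findings(lines):
    """Return (name, data, reason) for each non-empty proxy value under Internet Settings."""
    findings = []
    for key, name, data in parse_r1(lines):
        if not key.endswith("Internet Settings") or name not in PROXY_VALUES or not data:
            continue
        reason = {
            "AutoConfigURL": "remote PAC script chooses the proxy for every URL",
            "ProxyServer": "static proxy configured",
            "ProxyOverride": "bypass list: only these hosts skip the proxy/PAC",
        }[name]
        findings.append((name, data, reason))
    return findings


def split_override(data):
    """Split a ProxyOverride value; ';' is IE's separator, ',' is accepted because this log uses it (assumption)."""
    return [e.strip().lower() for e in re.split(r"[;,]", data) if e.strip()]


def host_bypasses_proxy(url, override):
    """True if the URL's host matches a bypass-list entry.

    Entries may carry '*' wildcards; '<local>' matches hosts without a dot.
    """
    host = (urlsplit(url).hostname or "").lower()
    for entry in split_override(override):
        if entry == "<local>":
            if "." not in host:
                return True
            continue
        pattern = "^" + re.escape(entry).replace(r"\*", ".*") + "$"
        if re.match(pattern, host):
            return True
    return False


# Constructed sample: the three R1 lines from the HijackThis log above,
# plus one harmless R1 line to show that it is ignored.
SAMPLE_LOG = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.onspeed.com/pac/?id=08410bbf0638b7a47a2a3260...",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,",
]

OVERRIDE = "plimus.com,www.plimus.com,regnow.com,www.regnow.com,"

if __name__ == "__main__":
    for name, data, reason in proxy_findings(SAMPLE_LOG):
        print(f"{name:15} {reason}: {data}")
    for url in ("http://www.google.com/search?q=x", "https://www.plimus.com/checkout"):
        route = "direct (bypass list)" if host_bypasses_proxy(url, OVERRIDE) else "via PAC/proxy"
        print(f"{url} -> {route}")
```

Run against the sample, the script flags all three values and shows that a Google search is routed by the PAC script while a www.plimus.com URL goes direct; on a real cleanup the same three values should be re-read after the fix and after a reboot, since a resident trojan can rewrite them.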


22 April 2010 14:18:05

I did the removals in HijackThis. Updated Avast, which already was up to date. But the redirections haven't stopped: adwordsredirect.google.com/go.php to an "AV antivirus" style site saying your system is infected, or to google, or still to a trojan detected by Avast...
22 April 2010 14:20:04

Let's continue, it may be more serious.

Download to the desktop
Gmer
= Click on ==> GMER Application: Gmer.zip
= Right-click the Gmer archive
= Extract here (or extract without confirmation, or all, or unzip)
= Double-click the Gmer that has just been created
= A window opens, click Scan
Wait until the scan finishes
= Click Save
= Choose => desktop => name it: rapport

= Don't close Gmer (this isn't essential, but it saves redoing the scan if there are removals to do)
22 April 2010 14:21:55

Then do this:

*Copy this:

c:\windows\system32\F6429C6689.sys

*Go to Virus Total
* Click "Choose"
*Paste it into "file name" and send the file
*Then paste the generated report

-------

Was it you who installed Hide My IP?
22 April 2010 14:38:03

I'm running the scan now. As for Hide My IP, yes, it was me. I used it once, as a one-off, with meh results; in fact I thought I'd uninstalled it.
22 April 2010 14:39:53

ok.
do you have any red lines in Gmer for now?
Can you do the Virus Total scan in the meantime?
22 April 2010 14:42:55

A silly question. Have you restarted your PC since Malwarebytes?
22 April 2010 14:48:43

I don't see any red lines in Gmer. I can't manage to paste c:\windows\system32\F6429C6689.sys into Virus Total; I click "browse", but I can't find the file in question in system32
22 April 2010 14:49:51

Yes, I restarted my PC to finish uninstalling Ad-Aware
22 April 2010 14:52:49

Have you tried copy-pasting this line into Virus Total?

c:\windows\system32\F6429C6689.sys
22 April 2010 14:53:20

There we go, I've managed to submit the file to Virus Total; I hadn't read properly
22 April 2010 14:54:12

Virus Total report

File F6429C6689.sys received on 2010.04.22 12:51:17 (UTC)
Result: 0/41 (0%)
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.04.22 -
AhnLab-V3 5.0.0.2 2010.04.22 -
AntiVir 8.2.1.220 2010.04.22 -
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.22 -
Avast 4.8.1351.0 2010.04.22 -
Avast5 5.0.332.0 2010.04.22 -
AVG 9.0.0.787 2010.04.22 -
BitDefender 7.2 2010.04.22 -
CAT-QuickHeal 10.00 2010.04.22 -
ClamAV 0.96.0.3-git 2010.04.22 -
Comodo 4665 2010.04.22 -
DrWeb 5.0.2.03300 2010.04.22 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7443 2010.04.22 -
F-Prot 4.5.1.85 2010.04.21 -
F-Secure 9.0.15370.0 2010.04.22 -
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.22 -
Ikarus T3.1.1.80.0 2010.04.22 -
Jiangmin 13.0.900 2010.04.22 -
Kaspersky 7.0.0.125 2010.04.22 -
McAfee 5.400.0.1158 2010.04.22 -
McAfee-GW-Edition 6.8.5 2010.04.22 -
Microsoft 1.5703 2010.04.22 -
NOD32 5049 2010.04.22 -
Norman 6.04.11 2010.04.21 -
nProtect 2010-04-22.01 2010.04.22 -
Panda 10.0.2.7 2010.04.21 -
PCTools 7.0.3.5 2010.04.22 -
Prevx 3.0 2010.04.22 -
Rising 22.44.03.04 2010.04.22 -
Sophos 4.53.0 2010.04.22 -
Sunbelt 6207 2010.04.22 -
Symantec 20091.2.0.41 2010.04.22 -
TheHacker 6.5.2.0.267 2010.04.22 -
TrendMicro 9.120.0.1004 2010.04.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.22 -
VBA32 3.12.12.4 2010.04.22 -
ViRobot 2010.4.21.2288 2010.04.22 -
VirusBuster 5.0.27.0 2010.04.22 -
Additional information
File size: 56 bytes
MD5...: 8bb8104177b83860b95300976a63f852
SHA1..: 0ac04557e9ab5ca8af8d27f2d00e6f9a1f7a8e34
SHA256: f40c9a11b7ec974e1829dfdaf77185064a4054fd987a2b753d789753faa81be3
ssdeep: 3:/ldEVlrVX:qh
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
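The report above is more informative than its 0/41 score: the file is 56 bytes, unsigned, and VirusTotal's PE tools (PEiD, PEInfo, sigcheck) return nothing for it, while trid guesses a text format. A 56-byte file cannot be a loadable Windows driver, because a PE image needs at least the 64-byte DOS header followed by the NT headers, so whatever this .sys is, the kernel never executed it. The helper below is an added example, not code from the thread or from VirusTotal: it computes the same three hashes the report shows and checks the two signatures the loader requires. The 56-byte sample is constructed; the real content of F6429C6689.sys is not known from the thread, and the function and variable names are my own.

```python
import hashlib
import struct

# Constructed stand-in for a 56-byte file that is NOT a PE image; these are not the
# bytes of the F6429C6689.sys from the VirusTotal report above (its content is unknown).
SAMPLE_TINY = b"not a driver, just 56 bytes of text".ljust(56, b" ")


def _pe_stub():
    """Smallest byte string that satisfies is_pe_image(): an 'MZ' DOS header whose
    e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature right after it."""
    dos = bytearray(64)                    # IMAGE_DOS_HEADER is 64 bytes
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew -> first byte after the DOS header
    return bytes(dos) + b"PE\0\0"


SAMPLE_PE_STUB = _pe_stub()


def is_pe_image(data):
    """True if data carries the two signatures the Windows loader requires:
    'MZ' at offset 0 and 'PE\\0\\0' at the offset stored in e_lfanew."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(data, name="sample"):
    """Size, the three hashes VirusTotal reports, and a loadability verdict."""
    pe = is_pe_image(data)
    return {
        "name": name,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": pe,
        "verdict": ("PE image: inspect sections, imports and Authenticode signature"
                    if pe else "not a PE image: the kernel cannot load it as a .sys driver"),
    }


def triage_file(path):
    """Run triage() on a file from disk, e.g. triage_file(r"c:\windows\system32\F6429C6689.sys")."""
    with open(path, "rb") as fh:
        return triage(fh.read(), name=path)


if __name__ == "__main__":
    for sample, name in ((SAMPLE_TINY, "tiny.sys"), (SAMPLE_PE_STUB, "stub.sys")):
        r = triage(sample, name)
        print(f"{r['name']}: {r['size']} bytes, md5={r['md5']}, sha256={r['sha256']}")
        print(f"  {r['verdict']}")
```

Comparing the md5/sha1/sha256 printed for the real file with the values in the report is also the quickest way to confirm that the file you uploaded is the one you think it is; a different hash after a reboot means something rewrote it.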
22 April 2010 15:02:22

Nothing nasty, then.
We'll see what GMER says.
22 April 2010 15:19:51

I think we'll have to use another tool, one I'm not authorised to use. I'm asking the Helpers.
22 April 2010 15:46:17

I'm still waiting for the GMER report anyway ;)
22 April 2010 18:44:04

Good evening
I'm taking over this thread
tigzy, you are no longer authorised to do disinfections on this forum...
post your GMER report

22 April 2010 20:26:32

So here is my GMER report after a very long scan... I also saved the log file

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-22 20:24:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Yann\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB02B4C08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB02B4AC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB02B5078]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB02B4FA2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB02B469A]
SSDT spax.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spax.sys ZwEnumerateValueKey [0xF74F6030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB02B4B9E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB02B45DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB02B463E]
SSDT spax.sys ZwQueryKey [0xF74F6108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB02B4CBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB02B5146]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB02B4C7E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB02B4DFE]

INT 0x62 ? 8ADE9BF8
INT 0x63 ? 8A97ABF8
INT 0x63 ? 8A97ABF8
INT 0x73 ? 8AE59BF8
INT 0x82 ? 8ADE9BF8
INT 0x83 ? 8A97ABF8
INT 0xB4 ? 8A97ABF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB02C150A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB02C132E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB02C1468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP B02BE97E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP B02C1332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B02C150E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP B02BD4AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP B02C146C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spax.sys The specified file could not be found. !
.text USBPORT.SYS!DllUnload B938F8AC 5 Bytes JMP 8A97A1D8
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xB9423B8D]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB8D51360, 0x32E00D, 0xE8000020]
.text az81rm60.SYS B8D07386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text az81rm60.SYS B8D073AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az81rm60.SYS B8D073C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text az81rm60.SYS B8D073C9 1 Byte [2E]
.text az81rm60.SYS B8D073C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1128] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 05052862
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1128] WS2_32.dll!send 719F4C27 5 Bytes JMP 050526EE
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1128] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 050527E0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1128] WS2_32.dll!recv 719F676F 5 Bytes JMP 05052726
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1128] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0505275E
.text C:\WINDOWS\Explorer.EXE[1432] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 016C2862
.text C:\WINDOWS\Explorer.EXE[1432] WS2_32.dll!send 719F4C27 5 Bytes JMP 016C26EE
.text C:\WINDOWS\Explorer.EXE[1432] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 016C27E0
.text C:\WINDOWS\Explorer.EXE[1432] WS2_32.dll!recv 719F676F 5 Bytes JMP 016C2726
.text C:\WINDOWS\Explorer.EXE[1432] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 016C275E
.text C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe[1620] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00B62862
.text C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe[1620] WS2_32.dll!send 719F4C27 5 Bytes JMP 00B626EE
.text C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe[1620] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00B627E0
.text C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe[1620] WS2_32.dll!recv 719F676F 5 Bytes JMP 00B62726
.text C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe[1620] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00B6275E
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1632] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00DE2862
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1632] WS2_32.dll!send 719F4C27 5 Bytes JMP 00DE26EE
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1632] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00DE27E0
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1632] WS2_32.dll!recv 719F676F 5 Bytes JMP 00DE2726
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[1632] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00DE275E
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1748] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 01322862
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1748] WS2_32.dll!send 719F4C27 5 Bytes JMP 013226EE
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1748] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 013227E0
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1748] WS2_32.dll!recv 719F676F 5 Bytes JMP 01322726
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1748] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0132275E
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!??2@YAPAXI@Z 77BF9CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!??3@YAXPAX@Z 77BF9CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77BF9D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_aligned_offset_malloc 77BF9DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_aligned_free 77BF9E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_aligned_malloc 77BF9E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_aligned_offset_realloc 77BF9E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_aligned_realloc 77BF9FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_expand 77BF9FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_heapadd 77BFBC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_heapchk 77BFBCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_heapset + 1 77BFBD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_heapmin 77BFBD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_heapused 77BFBE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_heapwalk 77BFBE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!_msize 77BFBF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!calloc 77BFC0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!free 77BFC21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!malloc 77BFC407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] MSVCRT.dll!realloc 77BFC437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 012E2862
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] WS2_32.dll!send 719F4C27 5 Bytes JMP 012E26EE
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 012E27E0
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] WS2_32.dll!recv 719F676F 5 Bytes JMP 012E2726
.text C:\Program Files\Palm\HOTSYNC.EXE[1768] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 012E275E
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 020D2862
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!send 719F4C27 5 Bytes JMP 020D26EE
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 020D27E0
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!recv 719F676F 5 Bytes JMP 020D2726
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 020D275E
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2260] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605629 C:\Program Files\Fichiers communs\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2260] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 02A42862
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2260] WS2_32.dll!send 719F4C27 5 Bytes JMP 02A426EE
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2260] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 02A427E0
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2260] WS2_32.dll!recv 719F676F 5 Bytes JMP 02A42726
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2260] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 02A4275E
.text C:\WINDOWS\System32\alg.exe[3192] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 00C32862
.text C:\WINDOWS\System32\alg.exe[3192] WS2_32.dll!send 719F4C27 5 Bytes JMP 00C326EE
.text C:\WINDOWS\System32\alg.exe[3192] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00C327E0
.text C:\WINDOWS\System32\alg.exe[3192] WS2_32.dll!recv 719F676F 5 Bytes JMP 00C32726
.text C:\WINDOWS\System32\alg.exe[3192] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00C3275E
.text C:\Program Files\Mozilla Firefox\firefox.exe[3824] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8AE592D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spax.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spax.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spax.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spax.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spax.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A97A2D8
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\az81rm60.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[544] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[544] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8ADE81F8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 8A9791F8
Device \Driver\ACPI \Device\00000051 8A8A9300
Device \Driver\ACPI \Device\00000044 8A8A9300
Device \Driver\NetBT \Device\NetBT_Tcpip_{40C1E83A-1B1C-495F-B2DE-E42DDDC1EA52} 8A311500
Device \Driver\usbohci \Device\USBPDO-1 8A9791F8
Device \Driver\ACPI \Device\00000052 8A8A9300
Device \Driver\usbehci \Device\USBPDO-2 8A9621F8
Device \Driver\ACPI \Device\00000053 8A8A9300
Device \Driver\ACPI \Device\00000060 8A8A9300
Device \Driver\ACPI \Device\00000047 8A8A9300
Device \Driver\ACPI \Device\00000061 8A8A9300

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{1E0FC03E-4DBF-4906-B042-1160263F7EB2} 8A311500
Device \Driver\ACPI \Device\00000056 8A8A9300
Device \Driver\PCI_PNP5032 \Device\00000049 spax.sys
Device \Driver\PCI_PNP5032 \Device\00000049 spax.sys
Device \Driver\ACPI \Device\00000062 8A8A9300
Device \Driver\ACPI \Device\00000063 8A8A9300
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AE571F8
Device \Driver\ACPI \Device\00000064 8A8A9300
Device \Driver\ACPI \Device\00000058 8A8A9300
Device \Driver\Cdrom \Device\CdRom0 8A9531F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AE571F8
Device \Driver\Cdrom \Device\CdRom1 8A9531F8
Device \Driver\USBSTOR \Device\00000075 8A322500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A311500
Device \Driver\USBSTOR \Device\00000078 8A322500
Device \Driver\NetBT \Device\NetbiosSmb 8A311500
Device \Driver\ACPI \Device\0000004e 8A8A9300
Device \Driver\ACPI \Device\0000005c 8A8A9300
Device \Driver\sptd \Device\1867693782 spax.sys
Device \Driver\ACPI \Device\0000005d 8A8A9300
Device \Driver\ACPI \Device\0000005e 8A8A9300
Device \Driver\ACPI \Device\0000006b 8A8A9300
Device \Driver\ACPI \Device\0000005f 8A8A9300
Device \Driver\usbohci \Device\USBFDO-0 8A9791F8
Device \Driver\ACPI \Device\0000006c 8A8A9300
Device \Driver\usbohci \Device\USBFDO-1 8A9791F8
Device \Driver\ACPI \Device\0000006d 8A8A9300
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A9151F8
Device \Driver\usbehci \Device\USBFDO-2 8A9621F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A9151F8
Device \Driver\Ftdisk \Device\FtControl 8AE571F8
Device \Driver\SI3112r \Device\Scsi\SI3112r1 8AE561F8
Device \Driver\az81rm60 \Device\Scsi\az81rm601 8A93F500
Device \FileSystem\Cdfs \Cdfs 8A36D500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0x78 0x20 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x23 0xEF 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0xCF 0xA4 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA4 0xF5 0x2B 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0x78 0x20 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x23 0xEF 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0xCF 0xA4 0x7B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA4 0xF5 0x2B 0x83 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0x78 0x20 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0x23 0x1F 0x54 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0xA4 0x52 0x2F ...

---- EOF - GMER 1.0.15 ----
22 April 2010 21:42:16

re

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop, nowhere else!

Copy (Ctrl+C) the text below:
Folder::
c:\program files\Hide The IP 2010



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot



  • ComboFix starts; let it guide you.

  • Be patient while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents, and say where your problems stand

  • If the file does not open, it is located here > C:\ComboFix.txt

    HELP: A guide and tutorial on using ComboFix
    * the partition name may differ
    22 April 2010 22:54:31

    It's simply perfect, no more redirections at all... Thank you, thank you, thank you!!! Here is the ComboFix report:
    ComboFix 10-04-21.01 - Yann 22/04/2010 22:33:31.1.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1535.1150 [GMT 2:00]
    Running from: c:\documents and settings\Yann\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\Yann\Bureau\CFScript.txt.txt
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\log.tmp
    c:\program files\Hide The IP 2010
    c:\program files\Hide The IP 2010\options.ini
    c:\program files\Hide The IP 2010\SpOrder.dll

    .
    original MBR restored successfully !
    .
    ((((((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 ))))))))))))))))))))))))))))))))))))
    .

    2010-04-22 09:27 . 2010-04-22 09:27 -------- d-----w- c:\documents and settings\Yann\Application Data\Malwarebytes
    2010-04-22 09:26 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-22 09:26 . 2010-04-22 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-22 09:26 . 2010-04-22 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-22 09:26 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-22 09:16 . 2010-04-22 09:16 -------- d-----w- c:\program files\trend micro
    2010-04-22 09:15 . 2010-04-22 09:16 -------- d-----w- C:\rsit
    2010-04-22 09:02 . 2010-04-22 09:06 -------- d-----w- c:\documents and settings\Yann\Application Data\QuickScan
    2010-04-18 18:50 . 2010-04-18 18:50 -------- d-----w- c:\documents and settings\Yann\Application Data\DAEMON Tools Pro
    2010-04-18 18:50 . 2010-04-18 18:50 -------- d-----w- c:\documents and settings\Yann\Application Data\DAEMON Tools
    2010-04-18 18:48 . 2010-04-18 18:48 -------- d-----w- c:\documents and settings\Yann\Local Settings\Application Data\ONSPEED
    2010-04-18 18:48 . 2010-04-18 18:48 -------- d-----w- c:\documents and settings\Yann\Local Settings\Application Data\PackageAware
    2010-04-17 10:32 . 2010-04-17 10:32 -------- d-----w- c:\documents and settings\Yann\Application Data\CheeseSoft
    2010-04-17 10:32 . 2010-04-18 18:30 -------- d-----w- c:\program files\FinalUninstaller
    2010-04-17 09:44 . 2010-04-22 09:19 -------- d-----w- c:\program files\Panda Security
    2010-04-07 17:11 . 2010-04-17 10:07 -------- d-----w- c:\documents and settings\Yann\Application Data\SlipStream
    2010-04-05 21:25 . 2010-04-05 21:25 -------- d-----w- c:\documents and settings\Yann\Local Settings\Application Data\Cooliris
    2010-04-05 17:43 . 2010-04-22 10:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-05 17:43 . 2010-04-22 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-04-05 15:36 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-05 15:36 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-04-05 15:35 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-04-05 15:35 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-04-05 15:35 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-04-05 15:35 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-05 15:34 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-05 15:34 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-04-05 15:34 . 2010-04-05 15:34 -------- d-----w- c:\program files\Alwil Software
    2010-04-05 15:34 . 2010-04-05 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-03-31 11:51 . 2010-03-31 11:51 -------- d-----w- c:\program files\Fichiers communs\Java
    2010-03-28 16:13 . 2010-04-18 18:43 -------- d-----w- c:\documents and settings\Yann\Application Data\vlc

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-22 13:20 . 2009-12-10 18:27 -------- d-----w- c:\documents and settings\Yann\Application Data\DivX
    2010-04-22 10:32 . 2009-03-21 10:17 -------- d-----w- c:\program files\Lavasoft
    2010-04-22 10:32 . 2009-03-21 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-18 18:50 . 2009-10-10 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Skyline
    2010-04-18 18:49 . 2009-01-15 21:52 -------- d-----w- c:\documents and settings\Yann\Application Data\CoreFTP
    2010-04-18 18:47 . 2010-03-03 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-04-18 18:46 . 2009-01-19 19:05 -------- d-----w- c:\program files\VLC
    2010-04-18 18:37 . 2009-01-21 09:19 -------- d-----w- c:\documents and settings\Yann\Application Data\dvdcss
    2010-04-18 18:31 . 2008-12-30 17:57 -------- d-----w- c:\documents and settings\Yann\Application Data\Azureus
    2010-04-18 18:31 . 2009-03-18 17:13 -------- d-----w- c:\documents and settings\Yann\Application Data\Orbit
    2010-04-18 18:31 . 2010-02-13 10:25 -------- d-----w- c:\documents and settings\Yann\Application Data\Ulead Systems
    2010-04-13 13:58 . 2010-04-22 09:00 670696 ----a-w- c:\documents and settings\Yann\Application Data\Mozilla\Firefox\Profiles\jkv46hra.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-04-13 13:58 . 2010-04-22 09:00 833960 ----a-w- c:\documents and settings\Yann\Application Data\Mozilla\Firefox\Profiles\jkv46hra.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-04-05 22:23 . 2008-12-30 18:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-05 15:19 . 2010-03-03 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2010-03-31 11:49 . 2010-03-31 11:49 503808 ----a-w- c:\documents and settings\Yann\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a7b9357-n\msvcp71.dll
    2010-03-31 11:49 . 2010-03-31 11:49 61440 ----a-w- c:\documents and settings\Yann\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-70681084-n\decora-sse.dll
    2010-03-31 11:49 . 2010-03-31 11:49 499712 ----a-w- c:\documents and settings\Yann\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a7b9357-n\jmc.dll
    2010-03-31 11:49 . 2010-03-31 11:49 348160 ----a-w- c:\documents and settings\Yann\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2a7b9357-n\msvcr71.dll
    2010-03-31 11:49 . 2010-03-31 11:49 12800 ----a-w- c:\documents and settings\Yann\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-70681084-n\decora-d3d.dll
    2010-03-31 11:48 . 2009-05-18 11:02 -------- d-----w- c:\program files\Java
    2010-03-28 15:58 . 2003-04-24 12:00 540222 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-28 15:58 . 2003-04-24 12:00 97400 ----a-w- c:\windows\system32\perfc00C.dat
    2010-03-16 12:46 . 2008-12-30 17:56 -------- d-----w- c:\program files\Vuze
    2010-03-13 09:03 . 2009-07-24 16:28 -------- d-----w- c:\program files\Defraggler
    2010-03-11 12:34 . 2006-06-23 12:28 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:34 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:34 . 2003-04-24 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-03-09 11:10 . 2003-04-24 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 02:28 . 2009-05-18 11:02 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-08 11:48 . 2010-03-08 11:48 -------- d-----w- c:\documents and settings\Yann\Application Data\Ahead
    2010-03-08 11:44 . 2010-03-08 11:43 -------- d-----w- c:\program files\Fichiers communs\Ahead
    2010-03-08 11:43 . 2010-03-08 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2010-03-08 11:43 . 2009-01-04 14:36 -------- d-----w- c:\program files\Nero
    2010-03-05 07:27 . 2009-01-04 15:49 -------- d-----w- c:\program files\Documents To Go
    2010-03-05 07:26 . 2009-01-04 15:24 -------- d-----w- c:\program files\Palm
    2010-03-04 17:18 . 2010-02-25 17:55 -------- d-----w- c:\program files\WinTV
    2010-03-04 08:34 . 2010-03-04 08:27 -------- d-----w- c:\program files\TrojanHunter 4.5
    2010-03-03 09:54 . 2009-01-18 17:51 -------- d-----w- c:\program files\eMule
    2010-03-01 09:33 . 2010-02-25 17:33 -------- d-----w- c:\program files\MeuhMeuhTV
    2010-03-01 09:32 . 2010-02-25 17:33 -------- d-----w- c:\program files\MMTVConfig
    2010-03-01 09:31 . 2010-02-23 08:53 -------- d-----w- c:\program files\Fichiers communs\Nero
    2010-02-28 16:17 . 2010-03-01 08:49 46 ----a-w- c:\documents and settings\HelpAssistant\index.dat
    2010-02-28 16:17 . 2010-02-28 16:17 46 ----a-w- c:\documents and settings\Yann\index.dat
    2010-02-25 17:34 . 2010-02-25 17:34 -------- d-----w- c:\documents and settings\Yann\Application Data\MMTVConfig
    2010-02-25 10:12 . 2010-02-25 10:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-24 13:11 . 2003-04-24 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-23 09:50 . 2010-02-23 09:50 218136 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-02-23 07:30 . 2010-02-23 07:30 -------- d-----w- c:\program files\Lavalys
    2010-02-17 12:07 . 2003-04-24 12:00 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 19:07 . 2002-08-29 11:42 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-13 17:04 . 2008-12-28 16:19 85704 ----a-w- c:\documents and settings\Yann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-12 04:34 . 2006-08-16 12:16 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2003-04-24 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2009-03-26 16:41 . 2009-03-26 16:41 56 --sh--r- c:\windows\system32\F6429C6689.sys
    2009-03-26 16:41 . 2009-03-26 16:41 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not listed
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-10-07 13574144]
    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-10-07 86016]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Yann\Menu Démarrer\Programmes\Démarrage\
    HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-10-14 299008]

    c:\documents and settings\Yann\Menu Démarrer\Programmes\Démarrage\
    HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-10-14 299008]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2006-10-22 22:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-06-27 18:03 152872 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-10-07 12:33 1630208 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "c:\\Program Files\\Encyclopaedia Universalis\\Encyclopaedia Universalis\\starter.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Le Robert\\Le Petit Robert 2009\\RobertHA.exe"=
    "c:\\Program Files\\Le Robert\\Le Petit Robert 2009\\prnet.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15164:TCP"= 15164:TCP:*:D isabled:NortonAV
    "12568:TCP"= 12568:TCP:*:D isabled:NortonAV
    "12877:TCP"= 12877:TCP:*:D isabled:NortonAV
    "16527:TCP"= 16527:TCP:*:D isabled:NortonAV
    "14982:TCP"= 14982:TCP:*:D isabled:NortonAV
    "49665:TCP"= 49665:TCP:49665
    "49665:UDP"= 49665:UDP:49665
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "4428:TCP"= 4428:TCP:Services
    "3389:TCP"= 3389:TCP:Remote Desktop
    "6322:TCP"= 6322:TCP:Services
    "6323:TCP"= 6323:TCP:Services

    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [10/11/2005 18:00 102400]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/04/2010 17:36 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2010 17:36 19024]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c9a54c67ddfcce;Service Google Update (gupdate1c9a54c67ddfcce);c:\program files\Google\Update\GoogleUpdate.exe [15/03/2009 10:59 133104]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/12/2008 18:59 717296]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 08:59]

    2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 08:59]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
    FF - ProfilePath - c:\documents and settings\Yann\Application Data\Mozilla\Firefox\Profiles\jkv46hra.default\
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Photodex Presenter\npPxPlay.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX SETTINGS ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
    MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero 7\InCD\NBHGui.exe
    ActiveSetup-{11FC12D0-1A72-12D2-992D-5BC14F992BC7} - c:\windows\system32\javan.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-22 22:43
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-04-22 22:48:23
    ComboFix-quarantined-files.txt 2010-04-22 20:48

    Before CF: 27 683 082 240 bytes free
    After CF: 27 687 288 832 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

    - - End Of File - - 72E754836E361FB709DD3B79E9A6E252
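GMER's "System" section, in the report whose tail opens this page and in the one posted after the ComboFix run, lists one SSDT hook per line: the owning module, the description/vendor string GMER could read from that module in parentheses (absent when it could not), the hooked function and its address. On this machine most hooks belong to aswSP.SYS, avast's self-protection driver, which is expected with Avast installed. Triage is easier once the lines are grouped by module. The script below is an added example (not GMER's, ComboFix's or the poster's code) that does that grouping in Python over a constructed sample modelled on the posted format; its two "review" heuristics (no vendor string, module under a Temp directory) are assumptions chosen for illustration and mean "identify this module", not "malicious".

```python
"""Group the SSDT hooks in a GMER 'System' section by owning module.

Added example for this thread: not GMER's, ComboFix's or the poster's code.
Assumes the GMER 1.0.15 line layout seen in the reports here:
    SSDT <module path> [(<description>/<vendor>)] <hooked function> [<address>]
The sample below is constructed, modelled on the second GMER report.
"""
import re
from collections import defaultdict

# Constructed sample in the format of the posted report (not a full report).
SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAEC33C08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAEC335DA]
SSDT \??\C:\DOCUME~1\Yann\LOCALS~1\Temp\ASFWHide ZwQuerySystemInformation [0xAD1B8486]
SSDT \??\C:\DOCUME~1\Yann\LOCALS~1\Temp\ASFWHide ZwTerminateProcess [0xAD1B86DA]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAEC40468]
"""

# The module path may contain spaces, so it is matched lazily; the optional
# "(description/vendor)" block, the function name and the address anchor the tail.
HOOK_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)"
    r"(?:\s+\((?P<vendor>[^()]*)\))?"
    r"\s+(?P<func>[A-Za-z_][A-Za-z0-9_]*)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)


def parse_ssdt_hooks(report_text):
    """Return one dict per SSDT line: module, vendor (None if absent), func, addr."""
    hooks = []
    for line in report_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def triage(hooks):
    """Group hooks by module and attach review reasons.

    Heuristics (assumptions for this example, not GMER's verdicts): a module
    GMER could not attribute to a vendor, or one loaded from a Temp directory,
    deserves a second look. Legitimate tools trip these too, so 'review'
    means 'identify the module', not 'malicious'.
    """
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"]].append(h)

    rows = []
    for module, entries in by_module.items():
        vendor = entries[0]["vendor"]
        reasons = []
        if not vendor:
            reasons.append("no vendor/description string")
        if re.search(r"\\temp\\", module, re.IGNORECASE):
            reasons.append("module loaded from a Temp directory")
        rows.append({
            "module": module,
            "vendor": vendor,
            "functions": sorted(e["func"] for e in entries),
            "review": reasons,
        })
    return rows


if __name__ == "__main__":
    for row in triage(parse_ssdt_hooks(SAMPLE)):
        flag = "REVIEW" if row["review"] else "ok"
        print(f"{flag:6} {row['module']}")
        print(f"       vendor: {row['vendor'] or '-'}")
        print(f"       hooks:  {', '.join(row['functions'])}")
        for reason in row["review"]:
            print(f"       - {reason}")
```

Run it on a saved GMER report by replacing SAMPLE with the file's contents; the grouping also works for the "Code" lines if the `^SSDT` anchor is widened, but those carry a different meaning (inline patches rather than table entries) and are better kept apart.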
    23 April 2010 17:31:12

    re
    uninstall TrojanHunter 4.5

    run another scan with GMER and post the report please
    27 April 2010 19:26:44

    Hello, I uninstalled Trojan Hunter 4.5 & here is the GMER scan:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-27 19:21:44
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Yann\LOCALS~1\Temp\pxtdapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAEC33C08]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAEC33AC4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAEC34078]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAEC33FA2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAEC3369A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAEC33B9E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAEC335DA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAEC3363E]
    SSDT \??\C:\DOCUME~1\Yann\LOCALS~1\Temp\ASFWHide ZwQuerySystemInformation [0xAD1B8486]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAEC33CBE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAEC34146]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAEC33C7E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAEC33DFE]
    SSDT \??\C:\DOCUME~1\Yann\LOCALS~1\Temp\ASFWHide ZwTerminateProcess [0xAD1B86DA]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAEC4050A]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAEC4032E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAEC40468]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP AEC3D97E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP AEC40332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP AEC4050E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP AEC3C4AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP AEC4046C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xB9B65B8D]
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB92FE360, 0x32E00D, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!??2@YAPAXI@Z 77BF9CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!??3@YAXPAX@Z 77BF9CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77BF9D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_aligned_offset_malloc 77BF9DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_aligned_free 77BF9E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_aligned_malloc 77BF9E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_aligned_offset_realloc 77BF9E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_aligned_realloc 77BF9FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_expand 77BF9FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_heapadd 77BFBC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_heapchk 77BFBCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_heapset + 1 77BFBD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_heapmin 77BFBD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_heapused 77BFBE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_heapwalk 77BFBE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!_msize 77BFBF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!calloc 77BFC0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!free 77BFC21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!malloc 77BFC407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\Palm\HOTSYNC.EXE[1996] MSVCRT.dll!realloc 77BFC437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[528] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[528] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
    IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1296] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] [00401630] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/ALWIL Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0x78 0x20 0x28 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x23 0xEF 0x69 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0xCF 0xA4 0x7B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA4 0xF5 0x2B 0x83 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0x78 0x20 0x28 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0x23 0xEF 0x69 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0xCF 0xA4 0x7B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA4 0xF5 0x2B 0x83 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAC 0x78 0x20 0x28 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x94 0x23 0x1F 0x54 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x86 0xA4 0x52 0x2F ...

    ---- EOF - GMER 1.0.15 ----
27 April 2010 23:12:49

re
Any other problems?
28 April 2010 12:59:38

No, none at all, and it changes everything; I feel like I have a new machine. THANK YOU!!!!
28 April 2010 15:04:06

re
Remove all the programs installed for the disinfection.

Please read this file (in PDF) to learn more about the risks of the Internet.

If you find this document interesting, feel free to pass it on to your contacts.

If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

~Edit your first message and mark [résolu] in the title.
If your username matches your real name, you can change it by editing your posts.

:hello:
