
Posted (edited)

Hello,

I have just formatted my PC and reinstalled Windows XP from the installation CD. Everything went fine; I reinstalled my software and it was working. But after a while, when I did a Google search in Firefox and clicked a link, it opened a new tab and not the right page (chat ads or an adult site). I tried downloading Malwarebytes' Anti-Malware, but once installed it won't open. I can't get into safe mode either. Could someone help me please? I don't know what else to do. Many thanks.

I'm posting a HijackThis report in case it helps.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:33:36, on 06/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238844973156

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 4289 bytes

Edited by choucroune

Posted

How did you manage to get infected on a freshly formatted PC :P ? Your symptoms are exactly those of an infection, even though nothing shows up in the HijackThis report.

• Download Drv32Look.exe to your desktop, double-click it and post the contents of the TXT report that appears:

http://senduit.com/29747c

• Download Gmer http://www.gmer.net/gmer.zip

Disconnect from the internet if possible and close all programs.
Unzip the zip file and double-click gmer.exe
IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.
Click the "rootkit" tab
On the right, leave everything checked
Click Scan
When the scan is finished, click "copy"

Open Notepad and click the Edit menu / Paste
The report should then appear.
Save the file to your desktop and post the report in your next reply.

Repeat the operation, but before launching it, right-click in the window\option\check Only non MS Files, click scan, same as before, and post the report.

http://imagesup.org/images/1239086511-onlynonmsfiles.jpg

Posted

1st report: Drv32Look.exe

 

REGEDIT

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midimapper"="midimap.dll"

"msacm.imaadpcm"="imaadp32.acm"

"msacm.msadpcm"="msadp32.acm"

"msacm.msg711"="msg711.acm"

"msacm.msgsm610"="msgsm32.acm"

"msacm.trspch"="tssoft32.acm"

"vidc.cvid"="iccvid.dll"

"vidc.I420"="msh263.drv"

"vidc.iv31"="ir32_32.dll"

"vidc.iv32"="ir32_32.dll"

"vidc.iv41"="ir41_32.ax"

"vidc.iyuv"="iyuv_32.dll"

"vidc.mrle"="msrle32.dll"

"vidc.msvc"="msvidc32.dll"

"vidc.uyvy"="msyuv.dll"

"vidc.yuy2"="msyuv.dll"

"vidc.yvu9"="tsbyuv.dll"

"vidc.yvyu"="msyuv.dll"

"wavemapper"="msacm32.drv"

"msacm.msg723"="msg723.acm"

"vidc.M263"="msh263.drv"

"vidc.M261"="msh261.drv"

"msacm.msaudio1"="msaud32.acm"

"msacm.sl_anet"="sl_anet.acm"

"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"

"vidc.iv50"="ir50_32.dll"

"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"

"msacm.siren"="sirenacm.dll"

"wave"="wdmaud.drv"

"midi"="wdmaud.drv"

"mixer"="wdmaud.drv"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]

"wave"="rdpsnd.dll"

"mixer"="rdpsnd.dll"

"MaxBandwidth"=dword:000056b9

"wavemapper"="msacm32.drv"

"EnableMP3Codec"=dword:00000001

"midimapper"="midimap.dll"

2nd report: Gmer

 

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-07 10:36:57

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

Code 8978A390 ZwEnumerateKey

Code 89773E78 ZwFlushInstructionCache

Code 8977BA86 IofCallDriver

Code 8977B9AE IofCompleteRequest

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 8977BA8B

.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 8977B9B3

PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 8978A394

PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 89773E7C

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 4437F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4451187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 44511800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 44511844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 4451178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 445117C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 445118BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 443A16F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] WS2_32.dll!send 719F4C27 5 Bytes JMP 00CD000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00D0000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] WS2_32.dll!recv 719F676F 5 Bytes JMP 00CE000A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00CF000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3656] WS2_32.dll!send 719F4C27 5 Bytes JMP 00D5000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3656] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 00D8000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3656] WS2_32.dll!recv 719F676F 5 Bytes JMP 00D6000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3656] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 00D7000A

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (Noyau et système NT/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- Modules - GMER 1.0.15 ----

 

Module \systemroot\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys (*** hidden *** ) B8C1F000-B8C34000 (86016 bytes)

 

---- Services - GMER 1.0.15 ----

 

Service C:\WINDOWS\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys (*** hidden *** ) [sYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxsbjfvpiyfvkplvnkthosdohmpxhraetn.dll

Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys

Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys

Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules

Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys

Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxsbjfvpiyfvkplvnkthosdohmpxhraetn.dll

 

---- Files - GMER 1.0.15 ----

 

File C:\WINDOWS\system32\gaopdxcounter 4 bytes

File C:\WINDOWS\system32\gaopdxsbjfvpiyfvkplvnkthosdohmpxhraetn.dll 13824 bytes executable

File C:\WINDOWS\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys 34816 bytes executable <-- ROOTKIT !!!

 

---- EOF - GMER 1.0.15 ----
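
The report above contains three indicator types a responder acts on: entries GMER marks as "*** hidden ***", entries it labels "<-- ROOTKIT", and user-mode hooks in WS2_32.dll whose JMP target is not attributed to any named module (compare the IEFRAME.dll-backed USER32 hooks, which GMER resolves to a vendor DLL). The following Python script is an added triage example; it is not part of the thread and not GMER tooling. It runs over a few constructed lines modelled on the report, ranks the findings, and then pivots from the flagged driver to every other entry sharing its name stem, which is how the counter file and the service name end up on the same cleanup list. SAMPLE_REPORT, parse_hook, triage, related_artifacts and the stem_len heuristic are all assumptions of this example.

```python
"""Triage a GMER rootkit-scan report (added example, not GMER's own tooling)."""

# Constructed sample lines modelled on the GMER 1.0.15 report posted above.
# Embedded so the script runs offline; this is not a live capture.
SAMPLE_REPORT = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 4437F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2508] WS2_32.dll!send 719F4C27 5 Bytes JMP 00CD000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3656] WS2_32.dll!recv 719F676F 5 Bytes JMP 00D6000A

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys (*** hidden *** ) B8C1F000-B8C34000 (86016 bytes)
Module \SystemRoot\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) B5FE7000-B6000000 (102400 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys (*** hidden *** ) [sYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\gaopdxcounter 4 bytes
File C:\WINDOWS\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys 34816 bytes executable <-- ROOTKIT !!!
"""

# Severity order used to rank findings; lower sorts first.
SEVERITY = {"gmer_rootkit_verdict": 0, "hidden_from_os": 1, "unattributed_hook": 2}


def parse_hook(line):
    """Parse one '.text' user-mode hook line.

    Format as printed by GMER 1.0.15:
      .text <process>[pid] <dll>!<export> <addr> N Bytes JMP <target> [<backing module> (<vendor>)]
    'backing' is '' when GMER could not attribute the JMP target to any loaded
    module, i.e. the hook lands in anonymous memory.
    """
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != ".text" or "JMP" not in tokens:
        return None
    sym_idx = next((i for i, t in enumerate(tokens) if "!" in t), None)
    jmp_idx = tokens.index("JMP")
    if sym_idx is None or jmp_idx + 1 >= len(tokens):
        return None
    trailer = " ".join(tokens[jmp_idx + 2:])
    return {
        "process": " ".join(tokens[1:sym_idx]),
        "symbol": tokens[sym_idx],
        "target": tokens[jmp_idx + 1],
        "backing": trailer.split(" (")[0],
    }


def triage(report_text):
    """Return (reason, detail) findings from a GMER report, most severe first."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if "<-- ROOTKIT" in line:
            # GMER's own verdict: hidden entry whose image is executable.
            findings.append(("gmer_rootkit_verdict", line.split()[1]))
        elif "*** hidden ***" in line:
            # Present in kernel structures but invisible through the Windows API.
            findings.append(("hidden_from_os", line.split()[1]))
        elif line.startswith(".text"):
            hook = parse_hook(line)
            if hook and not hook["backing"]:
                # A hook no module owns: injected code rather than a vendor shim.
                findings.append(("unattributed_hook",
                                 f'{hook["process"]} {hook["symbol"]} -> {hook["target"]}'))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])


def related_artifacts(report_text, stem_len=6):
    """Pivot from the flagged paths to every entry sharing their name stem.

    Assumption: the dropper names all its artifacts with one fixed prefix
    followed by random letters (as 'gaopdx...' does above), so the first
    `stem_len` characters of a flagged basename identify the family. The
    analyst picks `stem_len` by inspection; 6 fits the sample.
    """
    stems = {
        detail.rsplit("\\", 1)[-1].lower()[:stem_len]
        for reason, detail in triage(report_text)
        if reason in ("gmer_rootkit_verdict", "hidden_from_os")
    }
    related = set()
    for line in report_text.splitlines():
        for token in line.split():
            basename = token.rsplit("\\", 1)[-1].lower()
            if any(basename.startswith(stem) for stem in stems):
                related.add(token)
    return sorted(related)


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_REPORT):
        print(f"{reason:22} {detail}")
    print("related artifacts:", *related_artifacts(SAMPLE_REPORT), sep="\n  ")
```

The ranking puts GMER's explicit verdicts first, then anything hidden from the OS, then hooks into anonymous memory; on the sample the stem pivot returns the driver, the service name and the gaopdxcounter file that the helper later tells the user to delete.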

Posted

3rd report: Gmer

 

 

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-07 10:43:14

Windows 5.1.2600 Service Pack 3

 

 

---- Modules - GMER 1.0.15 ----

 

Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F798B000-F798D000 (8192 bytes)

Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 /NVIDIA Corporation) BA247000-BA417000 (1900544 bytes)

Module \SystemRoot\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) BA0E5000-BA21B000 (1269760 bytes)

Module \SystemRoot\system32\drivers\vinyl97.sys (Vinyl AC'97 Codec Combo WDM Driver/VIA Technologies, Inc.) BA06B000-BA09E000 (208896 bytes)

Module \SystemRoot\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) F7777000-F777E000 (28672 bytes)

Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7797000-F779C000 (20480 bytes)

Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 56.73 /NVIDIA Corporation) BF012000-BF426000 (4276224 bytes)

Module \SystemRoot\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) B8BDF000-B8BE5000 (24576 bytes)

Module \SystemRoot\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) B6000000-B604E000 (319488 bytes)

Module \SystemRoot\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) B5FE7000-B6000000 (102400 bytes)

Module \??\C:\DOCUME~1\laetitia\LOCALS~1\Temp\aujasnkj.sys (GMER) B3675000-B3689000 (81920 bytes)

Module \systemroot\system32\drivers\gaopdxxbfagvscpabrprtlwerqhqhwexjgnrit.sys (*** hidden *** ) B8C1F000-B8C34000 (86016 bytes)

 

---- Processes - GMER 1.0.15 ----

 

Process C:\WINDOWS\AGRSMMSG.exe (SoftModem Messaging Applet/Agere Systems) 268

Library C:\WINDOWS\AGRSMMSG.exe (SoftModem Messaging Applet/Agere Systems) 0x00400000

 

Process C:\WINDOWS\System32\TUProgSt.exe (TuneUp Program Statistics Service/TuneUp Software) 688

Library C:\WINDOWS\System32\TUProgSt.exe (TuneUp Program Statistics Service/TuneUp Software) 0x00400000

 

Process C:\Program Files\AVG\AVG8\avgtray.exe (AVG Tray Monitor/AVG Technologies CZ, s.r.o.) 852

Library C:\Program Files\AVG\AVG8\avgtray.exe (AVG Tray Monitor/AVG Technologies CZ, s.r.o.) 0x00400000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000

Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000

Library C:\Program Files\AVG\AVG8\AVGUIRES.DLL (AVG User Interface Resource Library/AVG Technologies CZ, s.r.o.) 0x6D0B0000

 

Process C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 1228

Library C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 0x00400000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\PROGRA~1\AVG\AVG8\avgwd.dll (AVG Watchdog Module/AVG Technologies CZ, s.r.o.) 0x6D740000

Library C:\PROGRA~1\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000

Library C:\PROGRA~1\AVG\AVG8\avgamnot.dll (AVG Event Notification Library/AVG Technologies CZ, s.r.o.) 0x6A5B0000

Library C:\PROGRA~1\AVG\AVG8\avgwdwsc.dll (AVG Windows Security Center Module/AVG Technologies CZ, s.r.o.) 0x6D930000

Library C:\PROGRA~1\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000

Library C:\PROGRA~1\AVG\AVG8\avgsched.dll (AVG Scheduler Module/AVG Technologies CZ, s.r.o.) 0x6C250000

 

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1340

Library c:\windows\system32\uxtuneup.dll (TuneUp Theme Extension/TuneUp Software) 0x55580000

 

Process C:\PROGRA~1\AVG\AVG8\avgnsx.exe (AVG Network scanner Service/AVG Technologies CZ, s.r.o.) 1440

Library C:\PROGRA~1\AVG\AVG8\avgnsx.exe (AVG Network scanner Service/AVG Technologies CZ, s.r.o.) 0x00400000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\PROGRA~1\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000

Library C:\PROGRA~1\AVG\AVG8\avgxpl.dll (LinkScanner SDK/AVG Technologies CZ, s.r.o.) 0x6DB90000

 

Process C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 1620

Library C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 0x00400000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\Program Files\AVG\AVG8\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x6AB10000

Library C:\Program Files\AVG\AVG8\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x6B1F0000

 

Process C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Resident Shield Service/AVG Technologies CZ, s.r.o.) 1820

Library C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Resident Shield Service/AVG Technologies CZ, s.r.o.) 0x00400000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\PROGRA~1\AVG\AVG8\avgcclix.dll (AVG Scanning Core Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6A870000

 

Process C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 1840

Library C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Scanning Core Module - Server Part/AVG Technologies CZ, s.r.o.) 0x00400000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\Program Files\AVG\AVG8\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x6AB10000

Library C:\Program Files\AVG\AVG8\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x6B1F0000

 

Process C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) 1892

Library C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) 0x00400000

Library C:\PROGRA~1\AVG\AVG8\libsasl.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DD70000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\Program Files\AVG\AVG8\avgapix.dll (AVG API Module/AVG Technologies CZ, s.r.o.) 0x6A630000

Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000

Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000

Library C:\Program Files\AVG\AVG8\avgscanx.dll (AVG Scanning Module/AVG Technologies CZ, s.r.o.) 0x6C1C0000

Library C:\Program Files\AVG\AVG8\avgsrmx.dll (AVG Scan Result Manager Module/AVG Technologies CZ, s.r.o.) 0x6C550000

Library C:\Program Files\AVG\AVG8\avgvvx.dll (AVG Virus Vault Module/AVG Technologies CZ, s.r.o.) 0x6D670000

Library C:\Program Files\AVG\AVG8\avgmvflx.dll (AVG Move File Library/AVG Technologies CZ, s.r.o.) 0x6BD30000

Library C:\Program Files\AVG\AVG8\avgcclix.dll (AVG Scanning Core Module - Client Part/AVG Technologies CZ, s.r.o.) 0x6A870000

Library C:\PROGRA~1\AVG\AVG8\saslcrammd5.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDB0000

Library C:\PROGRA~1\AVG\AVG8\sasldigestmd5.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDC0000

Library C:\PROGRA~1\AVG\AVG8\sasllogin.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DDA0000

Library C:\PROGRA~1\AVG\AVG8\saslplain.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x6DD90000

 

Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (Internet Explorer/Microsoft Corporation) 2508

Library C:\Program Files\AVG\AVG8\avgssie.dll (Safe Search for Internet Explorer/AVG Technologies CZ, s.r.o.) 0x6C7F0000

Library C:\Program Files\AVG\AVG8\avgapix.dll (AVG API Module/AVG Technologies CZ, s.r.o.) 0x6A630000

Library C:\Program Files\AVG\AVG8\avgxpl.dll (LinkScanner SDK/AVG Technologies CZ, s.r.o.) 0x6DB90000

Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000

 

Process C:\Documents and Settings\laetitia\Bureau\gmer.exe 3048

Library C:\Documents and Settings\laetitia\Bureau\gmer.exe 0x00400000

 

Process C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 3656

Library C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000

Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x60490000

Library C:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x60210000

Library C:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft ® C/C++ Runtime Library/Mozilla Foundation) 0x60000000

Library C:\Program Files\Mozilla Firefox\js3250.dll (Netscape 32-bit JavaScript Module/Netscape Communications Corporation) 0x60100000

Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x600B0000

Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x60430000

Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x60340000

Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x603F0000

Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x600F0000

Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x600E0000

Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x60410000

Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000

Library C:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x60DF0000

Library C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x601B0000

Library C:\Documents and Settings\laetitia\Application Data\Mozilla\Firefox\Profiles\5nlc43df.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll 0x01090000

Library C:\Documents and Settings\laetitia\Application Data\Mozilla\Firefox\Profiles\5nlc43df.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll 0x010B0000

Library C:\Documents and Settings\laetitia\Application Data\Mozilla\Firefox\Profiles\5nlc43df.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 0x01C30000

Library C:\Documents and Settings\laetitia\Application Data\Mozilla\Firefox\Profiles\5nlc43df.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 0x01C50000

Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x602F0000

Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x60320000

Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x60450000

Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x602A0000

Library C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x601C0000

Library C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll (Safe Search for Firefox/AVG Technologies CZ, s.r.o.) 0x6C660000

Library C:\Program Files\AVG\AVG8\avgxpl.dll (LinkScanner SDK/AVG Technologies CZ, s.r.o.) 0x6DB90000

Library C:\Program Files\AVG\AVG8\avgapix.dll (AVG API Module/AVG Technologies CZ, s.r.o.) 0x6A630000

Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x6A920000

Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x6BC50000

Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x6BBD0000

Library C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x09200000

 

Process C:\WINDOWS\explorer.exe (Explorateur Windows/Microsoft Corporation) 3896

Library C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll (TuneUp Shredder Shell Extension/TuneUp Software) 0x10000000

Library C:\PROGRA~1\IZArc\IZArcCM.dll 0x03240000

Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x01D90000

Library C:\Program Files\AVG\AVG8\avgse.dll (AVG Shell Extension/AVG Technologies CZ, s.r.o.) 0x6C330000

 

---- Services - GMER 1.0.15 ----

 

Service C:\WINDOWS\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) [MANUAL] AgereSoftModem

Service AVG

Service C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) [AUTO] avg8emc

Service C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) [AUTO] avg8wd

Service C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) [sYSTEM] AvgLdx86

Service C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) [sYSTEM] AvgMfx86

Service C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) [sYSTEM] AvgTdiX

Service C:\WINDOWS\system32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc. ) [MANUAL] FETNDIS

Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 /NVIDIA Corporation) [MANUAL] nv

Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink

Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv

Service C:\WINDOWS\system32\DRIVERS\ssm_bus.sys (SAMSUNG Mobile USB Device II 1.0 Driver/MCCI) [MANUAL] ssm_bus

Service C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys (SAMSUNG Mobile USB Modem II 1.0 Filter Driver/MCCI) [MANUAL] ssm_mdfl

Service C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys (SAMSUNG Mobile USB Modem II 1.0 Driver/MCCI) [MANUAL] ssm_mdm

Service C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20090325.001\symidsco.sys [MANUAL] SYMIDSCO

Service C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Drive Defrag Service/TuneUp Software) [MANUAL] TuneUp.Defrag

Service C:\WINDOWS\System32\TUProgSt.exe (TuneUp Program Statistics Service/TuneUp Software) [AUTO] TuneUp.ProgramStatisticsSvc

Service VIA Codec Default

Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [bOOT] ViaIde

Service C:\WINDOWS\system32\drivers\vinyl97.sys (Vinyl AC'97 Codec Combo WDM Driver/VIA Technologies, Inc.) [MANUAL] VIAudio

Service Wmi

 

---- EOF - GMER 1.0.15 ----

Posted

GMER 1.0.15.14966 - http://www.gmer.net

Rootkit scan 2009-04-07 12:58:46

Windows 5.1.2600 Service Pack 3

 

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- EOF - GMER 1.0.15 ----

Posted

I can open Malwarebytes' Anti-Malware again

I thought as much

• delete C:\WINDOWS\system32\gaopdxcounter

• you can post the MBAM scan if you like

• Finish the cleanup:

- Clean your computer with ATF Cleaner (to be used regularly!):

download to your desktop:

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner
Double-click ATF-Cleaner.exe to launch the program.
Under the Main tab, choose: Select All
Click the Empty Selected button, wait for the cleaning to finish, OK
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button
Wait for the cleaning to finish
NOTE: If you want to keep your saved passwords, click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
Click Exit in the main menu to close the program.
The next PC startup will be a little slower, since the prefetch has been emptied.

• browse with Firefox http://www.mozilla-europe.org/fr/firefox/ , with JavaScript disabled when you don't know where you're surfing; that can avoid rotten JavaScript IFrames on a rotten web page http://www.certa.ssi.gouv.fr/site/CERTA-20...-001/index.html

http://imagesup.org/images/1237009714-jsff.jpg

• Configure Firefox to clear cache, cookies ...... when it closes:

http://imagesup.org/images/1237009855-clrff.jpg

• Read "securing Firefox": http://www.malekal.com/securiser_Firefox.php

- Disable, then re-enable System Restore:
- Instructions for Windows XP: http://service1.symantec.com/SUPPORT/INTER...020830101856924
