
Recommended posts

Posted

Hello,

Various symptoms (strange flashing advertisements, noisy hard drive), and "Microsoft Security Essentials", installed on the computer, is reporting a "severe" virus.

To be safe, I would rather turn to you so we can look together at what might be wrong with this PC.

Thank you in advance for your help.

Posted

Hello Sophie :)

We are going to take a closer look at this.

Don't hesitate to ask me if there is anything you don't understand:

1)

Download MBAM

  • Install it
  • Launch the tool
  • Tick "Perform full scan"
  • If an infection is found at the end of the scan, click "OK"
  • Click Remove Selected
  • To post the report, click the Logs tab and
  • Select the one you want and click Open
  • Copy and paste it and post the report please

2)

Download RSIT, created by random/random

  • Save it to your desktop
  • Double-click it
  • Click Continue on the Disclaimer screen.

If HijackThis (an up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

  • Post the contents of log.txt, which will be displayed
  • Post the contents of info.txt, which will be minimised to the Taskbar.

Note: the 2 reports are also located in C:\Rsit

A++

Posted

Thanks Florinator for your reply :)

Here are the reports you asked for.

MBAM log:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4321

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

17/07/2010 16:32:24

mbam-log-2010-07-17 (16-32-24).txt

 

Type d'examen: Examen complet (C:\|D:\|E:\|)

Elément(s) analysé(s): 234102

Temps écoulé: 2 heure(s), 40 minute(s), 40 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

2) RSIT

a) log:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Sophie at 2010-07-17 18:25:06

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 4 GB (9%) free of 40 GB

Total RAM: 1014 MB (25% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:25:57, on 17/07/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Tall Emu\Online Armor\OAhlp.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sophie\Bureau\RSIT.exe

C:\Program Files\trend micro\Sophie.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll

O3 - Toolbar: CrowdStar Gamebar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [browserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270404491546

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 11325 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Analyse rapide des disques durs.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\OGALogon.job

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{72D175D7-C656-4237-B71C-8C637504E842}.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

CrowdStar Gamebar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-04-15 1375624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll [2004-12-02 1066968]

{D4027C7F-154A-4066-A1AD-4243D8127440} - CrowdStar Gamebar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-04-15 1375624]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-04-17 141848]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-04-17 166424]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-04-17 137752]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-17 16859648]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]

"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]

"Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]

"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040]

"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]

"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"BrowserChoice"=C:\WINDOWS\system32\browserchoice.exe [2010-02-12 293376]

 

C:\Documents and Settings\Sophie\Menu Démarrer\Programmes\Démarrage

Outil de détection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2008-04-17 208896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2010-07-17 18:25:06 ----D---- C:\rsit

2010-07-14 21:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

2010-07-14 21:02:00 ----SHD---- C:\Config.Msi

2010-07-03 11:11:00 ----D---- C:\Documents and Settings\Sophie\Application Data\vlc

2010-06-20 14:01:31 ----D---- C:\FreudUsers

 

======List of files/folders modified in the last 1 months======

 

2010-07-17 18:25:56 ----D---- C:\Program Files\trend micro

2010-07-17 18:25:25 ----D---- C:\WINDOWS\Temp

2010-07-17 18:24:42 ----D---- C:\WINDOWS\Prefetch

2010-07-17 13:50:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-07-17 13:50:13 ----D---- C:\WINDOWS\system32\drivers

2010-07-17 08:26:09 ----SD---- C:\WINDOWS\Tasks

2010-07-17 08:22:36 ----D---- C:\WINDOWS\system32\CatRoot2

2010-07-16 22:56:40 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-07-14 21:39:47 ----D---- C:\WINDOWS

2010-07-14 21:12:09 ----HD---- C:\WINDOWS\inf

2010-07-14 21:11:58 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-07-14 21:11:56 ----D---- C:\WINDOWS\system32

2010-07-14 21:11:13 ----HD---- C:\WINDOWS\$hf_mig$

2010-07-14 21:06:28 ----SHD---- C:\WINDOWS\Installer

2010-07-14 21:06:26 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2010-07-11 11:19:56 ----D---- C:\Documents and Settings\All Users\Application Data\DivX

2010-07-11 11:12:31 ----D---- C:\Program Files\DivX

2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

2010-06-29 18:22:10 ----D---- C:\Program Files\Microsoft Security Essentials

2010-06-28 21:54:35 ----D---- C:\Program Files\Mozilla Firefox

2010-06-23 17:46:02 ----D---- C:\WINDOWS\Debug

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-11-15 43488]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]

R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 58048]

R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []

R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []

R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-04-17 5854752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4652544]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-28 12288]

R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-09-22 108256]

R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-04-17 105856]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []

S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Sophie\LOCALS~1\Temp\catchme.sys []

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]

R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]

R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]

R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]

R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]

R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]

S3 usnsvc;Service Messenger Sharing USN Journal Reader; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

 

-----------------EOF-----------------

b) info:

info.txt logfile of random's system information tool 1.08 2010-07-17 18:26:01

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c -removeonly

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c -removeonly

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c -removeonly

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c -removeonly

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin

Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"

Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"

Configuration DivX-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com

Copernic Agent Basic-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"

Correctif pour Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

Foxit Reader-->MsiExec.exe /I{00422D27-AAF5-493F-8232-EA1D1D920025}

GrabIt 1.7.2 Beta 4 (build 997)-->"C:\Program Files\GrabIt\unins000.exe"

HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat

HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}

Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}

Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}

Microsoft Antimalware-->MsiExec.exe /X{E62A1F01-07B7-4541-A835-EE5B0BF064C2}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x

Microsoft Security Essentials-->MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mise à jour de sécurité pour Lecteur Windows Media (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"

MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}

Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

Nero 7 Premium-->MsiExec.exe /I{9DAA3F6E-0B56-A762-02CF-F9D80D8F1036}

Object Fix Zip 1.5-->C:\Program Files\Object Fix Zip\uninst.exe

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"

Photo et imagerie HP 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe

QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x040c -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly

Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}

Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office Outlook 2007 (KB980376)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {48113C06-9BA2-4D54-A731-D1D2C5B3144A}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}

Sony Picture Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x40c /removeonly uninstall -removeonly

Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Outlook 2007 Junk Email Filter (kb2202131)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A67392E8-282B-4BEF-8020-EF3DD664DE7B}

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live Messenger-->MsiExec.exe /I{E22885AB-B503-46E2-8437-73BBC6BC5487}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

 

======Security center information======

 

AV: AntiVir Desktop

AV: Microsoft Security Essentials

FW: Pare-feu Online Armor

 

======System event log======

 

Computer Name:

Event Code: 7036

Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

 

Record Number: 17101

Source Name: Service Control Manager

Time Written: 20100601173910.000000+120

Event Type: Informations

User:

 

Computer Name:

Event Code: 18

Message: TIMEOUT<VsTskMgr.exe> C:\...irusScan\nailite.dll

 

Record Number: 17100

Source Name: avgntflt

Time Written: 20100601173831.000000+120

Event Type: Avertissement

User:

 

Computer Name:

Event Code: 17

Message: AVGNTFLT successfully loaded

 

Record Number: 17099

Source Name: avgntflt

Time Written: 20100601173751.000000+120

Event Type: Informations

User:

 

Computer Name:

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 17098

Source Name: EventLog

Time Written: 20100601173721.000000+120

Event Type: Informations

User:

 

Computer Name:

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

 

Record Number: 17097

Source Name: EventLog

Time Written: 20100601173721.000000+120

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name:

Event Code: 4113

Message: AntiVir a détecté dans le fichier

C:\WINDOWS\system32\ansig.exe

un code suspect avec la désignation 'TR/PSW.ZGQ.8'!

 

Record Number: 3813

Source Name: Avira AntiVir

Time Written: 20100409183107.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name:

Event Code: 4113

Message: AntiVir a détecté dans le fichier

C:\WINDOWS\system32\ansig.exe

un code suspect avec la désignation 'TR/PSW.ZGQ.8'!

 

Record Number: 3812

Source Name: Avira AntiVir

Time Written: 20100409183103.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name:

Event Code: 4113

Message: AntiVir a détecté dans le fichier

C:\WINDOWS\system32\ansig.exe

un code suspect avec la désignation 'TR/PSW.ZGQ.8'!

 

Record Number: 3811

Source Name: Avira AntiVir

Time Written: 20100409183059.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name:

Event Code: 4113

Message: AntiVir a détecté dans le fichier

C:\WINDOWS\system32\ansig.exe

un code suspect avec la désignation 'TR/PSW.ZGQ.8'!

 

Record Number: 3810

Source Name: Avira AntiVir

Time Written: 20100409183055.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name:

Event Code: 4113

Message: AntiVir a détecté dans le fichier

C:\WINDOWS\system32\ansig.exe

un code suspect avec la désignation 'TR/PSW.ZGQ.8'!

 

Record Number: 3809

Source Name: Avira AntiVir

Time Written: 20100409183051.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=1c02

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

What do you think?

Thanks.
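One way to triage the event-log part of the RSIT report pasted above, as an added example that is not part of this thread or of RSIT: it parses the record format (one record per "Computer Name:" block, with a Message that can run over several lines) and groups antivirus detections by file and threat name, so that repeated hits on the same file within seconds stand out from a one-off detection. The sample records are constructed in that format.

```python
"""Triage of the "Application event log" part of an RSIT info.txt report.

Added example for this thread, not RSIT's or Avira's own code. It parses the
record format pasted above ("Computer Name:" opens a record, the Message may
run over several lines, "Record Number" and the keys after it close it) and
groups antivirus detections by file and threat, so a helper can see at a
glance whether a file was flagged once or hit repeatedly within seconds.
The sample below is constructed in that format.
"""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE = r"""=====Application event log=====

Computer Name:
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\WINDOWS\system32\ansig.exe
un code suspect avec la désignation 'TR/PSW.ZGQ.8'!

Record Number: 3813
Source Name: Avira AntiVir
Time Written: 20100409183107.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name:
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\WINDOWS\system32\ansig.exe
un code suspect avec la désignation 'TR/PSW.ZGQ.8'!

Record Number: 3812
Source Name: Avira AntiVir
Time Written: 20100409183103.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
KEYS = ("Computer Name", "Event Code", "Message", "Record Number",
        "Source Name", "Time Written", "Event Type", "User")
KEY_RE = re.compile(r"^(" + "|".join(re.escape(k) for k in KEYS) + r"):\s?(.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s']+")      # first Windows path in a message
THREAT_RE = re.compile(r"'([^']+)'")             # quoted detection name


def parse_records(text):
    """Return one dict per event record, tagged with the section it came from."""
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section, current = sec.group(1), None
            continue
        key = KEY_RE.match(line)
        if key:
            name, value = key.groups()
            if name == "Computer Name":              # first key of every record
                current = {"Section": section}
                records.append(current)
            if current is not None:
                current[name] = value
        elif line and current is not None and "Record Number" not in current:
            # Non-key text before "Record Number" is a continuation of Message
            current["Message"] = (current.get("Message", "") + " " + line).strip()
    return records


def parse_time(value):
    """'20100409183107.000000+120' -> naive local datetime (UTC offset dropped)."""
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S")


def summarize_detections(records):
    """Group detection messages by (file path, threat name) with count and span."""
    hits = defaultdict(list)
    for rec in records:
        msg = rec.get("Message", "")
        path, threat = PATH_RE.search(msg), THREAT_RE.search(msg)
        if path and threat and rec.get("Time Written"):
            hits[(path.group(0), threat.group(1))].append(parse_time(rec["Time Written"]))
    summary = []
    for (path, threat), times in sorted(hits.items()):
        times.sort()
        summary.append({"path": path, "threat": threat, "count": len(times),
                        "first": times[0], "last": times[-1],
                        "span_seconds": int((times[-1] - times[0]).total_seconds())})
    return summary


if __name__ == "__main__":
    for d in summarize_detections(parse_records(SAMPLE)):
        print(f"{d['count']}x {d['threat']} in {d['path']} within {d['span_seconds']}s")
```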

Posted

Hello Sophie :)

You have an infectious toolbar that we'll take care to remove a little later.

As for the ad pages, nothing appears in the log that could be responsible for them; we'll still take the trouble to check one thing:

 

Download GMer

  • Click on "Download EXE"
  • Save it to your Desktop (the name is random)

NB: Save these instructions in a text file or print them, because you will have to close your browser.

  • Right-click on it (the name is 8 random digits/letters) and choose "Run as administrator"
  • Disconnect from the Internet, then close all programs.

NB: If the tool gives you a warning about rootkit activity and asks you to run a scan, click "NO"

  • In the right-hand section of the tool's window, untick the following option: IAT/EAT
  • Make sure "Show All" is unticked
  • Click "Scan" and wait (this can take 10 minutes or more)
  • Once it's finished, click the "Save..." button (bottom right);
  • Name the file "Florinator" and save it to the Desktop;
  • Copy/paste the contents of this report into your reply.

 

A++
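Once the GMER report is in hand, the first triage step is to separate the SSDT hooks GMER attributes to a named driver from the bare-address ones it could not attribute, and to group the user-mode inline hooks by hooked API and jump target. The following is an added example (not GMER's code and not part of this thread) working on constructed lines in the format of the GMER report posted later in the thread.

```python
"""Triage of a GMER report such as the one requested above.

Added example for this thread, not GMER's own code. It reads the three
sections of a GMER log in the format posted later in the thread, separates
SSDT hooks that GMER attributes to a named driver from hooks on a bare
address it could not attribute, and groups user-mode inline hooks by hooked
API and jump target. The sample lines below are constructed in that format.
"""
import re
from collections import defaultdict

SAMPLE = r"""---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xAA081CB0]
SSDT F7CB031E ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xAA06F320]
SSDT F7CB0314 ZwCreateThread
SSDT F7CB0300 ZwOpenProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 12 Bytes [40, 27, 07, AA, 20, F3, 06, ...] {INC EAX; DAA ; POP ES; STOSB }

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Secunia\PSI\psi.exe[556] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Secunia\PSI\psi.exe[556] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1484] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_MOD_RE = re.compile(r"^SSDT\s+(\S+)\s+\((.+?)\)\s+(Zw\w+)\s+\[0x([0-9A-F]+)\]$")
SSDT_BARE_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(Zw\w+)$")
KERNEL_RE = re.compile(r"^\.text\s+(\S+)!(\w+)\s\+\s([0-9A-F]+)\s+([0-9A-F]{8})\s+(\d+) Bytes")
USER_RE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+?)!(\S+?)(?:\s\+\s[0-9A-F]+)?"
                     r"\s+([0-9A-F]{8})\s+(\d+) Bytes (JMP|CALL) ([0-9A-F]{8})$")


def parse_gmer(text):
    """Classify every report line as an 'ssdt', 'kernel', 'user' or 'unknown' entry."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := SSDT_MOD_RE.match(line)):
            # GMER resolved the hook to a driver: \??\C:\...\OADriver.sys -> OADriver.sys
            entries.append({"kind": "ssdt", "function": m.group(3), "address": m.group(4),
                            "owner": m.group(1).rsplit("\\", 1)[-1], "vendor": m.group(2)})
        elif (m := SSDT_BARE_RE.match(line)):
            # Bare address: GMER could not say which module owns this hook
            entries.append({"kind": "ssdt", "function": m.group(2), "address": m.group(1),
                            "owner": None, "vendor": None})
        elif (m := USER_RE.match(line)):
            entries.append({"kind": "user", "process": m.group(1), "pid": int(m.group(2)),
                            "api": f"{m.group(3).lower()}!{m.group(4)}",
                            "patch": m.group(7), "target": m.group(8)})
        elif (m := KERNEL_RE.match(line)):
            entries.append({"kind": "kernel", "module": m.group(1), "symbol": m.group(2),
                            "offset": m.group(3), "address": m.group(4), "size": int(m.group(5))})
        else:
            entries.append({"kind": "unknown", "section": section, "line": line})
    return entries


def ssdt_by_owner(entries):
    """Map each hooking driver (None = bare address GMER could not attribute) to its Zw* hooks."""
    owners = defaultdict(list)
    for e in entries:
        if e["kind"] == "ssdt":
            owners[e["owner"]].append(e["function"])
    return dict(owners)


def user_hooks_by_api(entries):
    """For each hooked API: the distinct jump targets and the processes carrying the hook.
    The same target in every process usually means one hooking DLL loaded at the same base."""
    hooks = defaultdict(lambda: {"targets": set(), "processes": set()})
    for e in entries:
        if e["kind"] == "user":
            hooks[e["api"]]["targets"].add(e["target"])
            hooks[e["api"]]["processes"].add(e["process"].rsplit("\\", 1)[-1])
    return dict(hooks)


if __name__ == "__main__":
    ents = parse_gmer(SAMPLE)
    for owner, funcs in ssdt_by_owner(ents).items():
        print(f"SSDT {owner or 'UNATTRIBUTED (follow up)'}: {', '.join(funcs)}")
    for api, info in user_hooks_by_api(ents).items():
        print(f"{api}: targets {sorted(info['targets'])} in {sorted(info['processes'])}")
```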

Posted

Hello Florinator,

Thanks for your message.

After downloading GMer to my desktop, it was not possible to "run as administrator".

So I tried on my user-administrator account.

Here are the responses I was given. I should point out that I have "Online Armor".

 

"CreateFile "C/DOCUME~1\Sophie\LOCALS~1\Temp\axtiapog.sys": Accès refusé."

 

I clicked OK on each message.

 

"CreateFile "C:\axtiapog.sys" : Accès refusé."

 

"LoadDriver ("C:\axtiapog.sys") error 0XC0000061 : Accès refusé."

 

"C:\WINDOWS\system32\config\system : Accès refusé."

 

 

What should I do? Is Online Armor blocking it?

Thanks for your advice.

Posted

Hello Sophie :)

Are you sure you're logged in as an administrator?

Before the scan, temporarily disable all the protections present (antivirus/firewall).

Then retry the Gmer scan.

Also give me a little more detail about the unwanted pages you're getting (type/frequency, etc.).

 

A++

Posted

Hello Florinator,

To answer your question about the unwanted pages I get: several times a day, often flashing advertisements appear telling me I've received a message, that I've won such-and-such, others of the Green Card type, etc. They are not always in French; they can also be in Dutch.

After temporarily disabling the PC's various protections, here are the reports for drives C and D that I managed to save today. The other times, no luck.

Thanks for your observations.

 

 

 

C:

 

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-21 16:47:40

Windows 5.1.2600 Service Pack 3

Running: weus82qh.exe; Driver: C:\DOCUME~1\Sophie\LOCALS~1\Temp\axtiapog.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xAA074420]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xAA074C60]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xAA072A90]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xAA081CB0]

SSDT F7CB031E ZwCreateKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xAA072740]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xAA06F320]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xAA06F710]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xAA06EDE0]

SSDT F7CB0314 ZwCreateThread

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xAA071900]

SSDT F7CB0323 ZwDeleteKey

SSDT F7CB032D ZwDeleteValueKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDuplicateObject [0xAA072410]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xAA073B40]

SSDT F7CB0332 ZwLoadKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xAA082420]

SSDT F7CB0300 ZwOpenProcess

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xAA06F080]

SSDT F7CB0305 ZwOpenThread

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xAA0748A0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xAA073FB0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xAA074E00]

SSDT F7CB033C ZwReplaceKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xAA073690]

SSDT F7CB0337 ZwRestoreKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xAA072060]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xAA072E80]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xAA0716E0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xAA071AA0]

SSDT F7CB0328 ZwSetValueKey

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xAA073A10]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xAA072240]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xAA071E60]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xAA071C90]

SSDT F7CB030F ZwTerminateProcess

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xAA0714B0]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xAA073D70]

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xAA074A70]

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 12 Bytes [40, 27, 07, AA, 20, F3, 06, ...] {INC EAX; DAA ; POP ES; STOSB ; AND BL, DH; PUSH ES; STOSB ; ADC BH, DH; PUSH ES; STOSB }

.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [40, 22, 07, AA, 60, 1E, 07, ...] {INC EAX; AND AL, [EDI]; STOSB ; PUSHA ; PUSH DS; POP ES; STOSB ; NOP ; SBB AL, 0x7; STOSB }

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\Java\jre6\bin\jqs.exe[208] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[360] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\WINDOWS\system32\csrss.exe[496] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\WINDOWS\system32\winlogon.exe[520] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\Program Files\Secunia\PSI\psi.exe[556] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001

.text C:\Program Files\Secunia\PSI\psi.exe[556] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[556] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Secunia\PSI\psi.exe[556] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Secunia\PSI\psi.exe[556] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Secunia\PSI\psi.exe[556] iphlpapi.dll!IcmpSendEcho2 76D1B73C 6 Bytes JMP 027D0F5A

.text C:\WINDOWS\system32\services.exe[580] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\WINDOWS\system32\lsass.exe[592] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EE0001

.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[744] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[744] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[744] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[744] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[744] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F130F5A

.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[744] ole32.dll!CoCreateInstance 774C057E 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\Program Files\Microsoft Security Essentials\MsMpEng.exe[920] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\WINDOWS\System32\svchost.exe[960] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\Program Files\Network Associates\VirusScan\Mcshield.exe[980] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text ...

.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DD0001

.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1408] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1408] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1408] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1408] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001

.text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\ctfmon.exe[1472] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\WINDOWS\system32\ctfmon.exe[1472] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01860001

.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\WINDOWS\Explorer.EXE[1484] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\Explorer.EXE[1484] iphlpapi.dll!IcmpSendEcho2 76D1B73C 6 Bytes JMP 01430F5A

.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[1688] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1824] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001

.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1924] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1924] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1924] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1924] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1924] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F130F5A

.text C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE[1924] ole32.dll!CoCreateInstance 774C057E 6 Bytes JMP 5F100F5A

.text C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[1944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001

.text C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[1944] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[1944] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[1944] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[1944] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[1944] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F130F5A

.text C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe[1944] ole32.dll!CoCreateInstance 774C057E 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\spoolsv.exe[1960] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E20001

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2060] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2060] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2060] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2060] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2060] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F130F5A

.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2060] ole32.dll!CoCreateInstance 774C057E 6 Bytes JMP 5F100F5A

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01590001

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 004E12D0 C:\PROGRA~1\MSNMES~1\msnmsgr.exe (Messenger/Microsoft Corporation)

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F160F5A

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] ole32.dll!CoCreateInstance 774C057E 6 Bytes JMP 5F130F5A

.text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[2088] iphlpapi.dll!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\igfxtray.exe[2316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001

.text C:\WINDOWS\system32\igfxtray.exe[2316] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\igfxtray.exe[2316] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\igfxtray.exe[2316] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\WINDOWS\system32\igfxtray.exe[2316] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\hkcmd.exe[2632] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001

.text C:\WINDOWS\system32\hkcmd.exe[2632] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\hkcmd.exe[2632] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\hkcmd.exe[2632] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\WINDOWS\system32\hkcmd.exe[2632] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\igfxpers.exe[2724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001

.text C:\WINDOWS\system32\igfxpers.exe[2724] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\igfxpers.exe[2724] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\igfxpers.exe[2724] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\WINDOWS\system32\igfxpers.exe[2724] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\igfxsrvc.exe[2856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C80001

.text C:\WINDOWS\system32\igfxsrvc.exe[2856] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\igfxsrvc.exe[2856] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\igfxsrvc.exe[2856] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\WINDOWS\system32\igfxsrvc.exe[2856] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\RTHDCPL.EXE[2928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01DB0001

.text C:\WINDOWS\RTHDCPL.EXE[2928] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\RTHDCPL.EXE[2928] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\RTHDCPL.EXE[2928] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\WINDOWS\RTHDCPL.EXE[2928] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[3164] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001

.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[3164] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[3164] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[3164] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[3164] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[3164] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F130F5A

.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[3164] ole32.dll!CoCreateInstance 774C057E 6 Bytes JMP 5F100F5A

.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3340] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01080001

.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3340] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3340] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3340] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3340] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3340] iphlpapi.dll!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F100F5A

.text C:\Program Files\Messenger\msmsgs.exe[3580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001

.text C:\Program Files\Messenger\msmsgs.exe[3580] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Messenger\msmsgs.exe[3580] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Messenger\msmsgs.exe[3580] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Messenger\msmsgs.exe[3580] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Messenger\msmsgs.exe[3580] iphlpapi.dll!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\System32\alg.exe[3624] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[3900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001

.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[3900] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[3900] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[3900] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[3900] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[3900] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F130F5A

.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[3900] ole32.dll!CoCreateInstance 774C057E 6 Bytes JMP 5F100F5A

.text C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe[3956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001

.text C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe[3956] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe[3956] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe[3956] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe[3956] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe[3956] ole32.dll!CoCreateInstanceEx 774C0526 6 Bytes JMP 5F130F5A

.text C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe[3956] ole32.dll!CoCreateInstance 774C057E 6 Bytes JMP 5F100F5A

.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EB0001

.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3964] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3964] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F040F5A

.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3964] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D

.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[3964] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F0D0F5A

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)

 

Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

 

AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

 

Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)

 

AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

 

Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)

 

AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

 

Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)

 

AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

 

Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

 

---- EOF - GMER 1.0.15 ----

 

 


---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

 

---- EOF - GMER 1.0.15 ----

Posted

Good evening Sophie :)

We're going to try something. Take the time to read all the recommendations carefully, and don't hesitate to ask if you have any questions:

Warning: ComboFix is a tool you should only use if someone trained in the tool asks you to run it; do not repeat this without advice.

We're going to use a powerful tool; go to this web page to run it following the recommended procedure:

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Remember to make sure you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so they don't interfere with ComboFix's work.

Post me the report C:\ComboFix.txt

A++

Posted

Hello Florinator,

Here is the ComboFix report.

Thanks for your interpretation, and have a good day.

Sophie


ComboFix 10-07-22.01 - Sophie 22/07/2010 20:48:01.1.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.502 [GMT 2:00]

Lancé depuis: c:\documents and settings\Sophie\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Pare-feu Online Armor *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Sophie\Mes documents\DPE.DUS

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-06-22 au 2010-07-22 ))))))))))))))))))))))))))))))))))))

.

 

2010-07-17 16:25 . 2010-07-17 16:26 -------- d-----w- C:\rsit

2010-07-14 15:25 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-11 09:12 . 2010-07-11 09:12 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-07-11 09:12 . 2010-07-11 09:12 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-07-11 09:10 . 2010-07-11 09:10 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-07-03 09:11 . 2010-07-03 11:34 -------- d-----w- c:\documents and settings\Sophie\Application Data\vlc

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-17 16:25 . 2010-03-28 11:55 -------- d-----w- c:\program files\trend micro

2010-07-17 11:50 . 2009-11-28 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-14 19:06 . 2009-11-12 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-11 09:19 . 2010-05-02 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-07-11 09:19 . 2010-05-02 10:17 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-11 09:12 . 2010-05-02 10:08 -------- d-----w- c:\program files\DivX

2010-07-11 09:02 . 2010-05-02 10:14 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-07-11 09:02 . 2010-05-02 10:14 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-06-29 16:22 . 2010-04-09 14:32 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-06-16 19:22 . 2010-05-11 18:55 -------- d-----w- c:\program files\TuneUp Utilities 2010

2010-06-15 18:26 . 2009-11-13 20:18 -------- d-----w- c:\documents and settings\Sophie\Application Data\GrabIt

2010-06-14 14:31 . 2009-11-04 17:22 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-10 19:53 . 2010-06-05 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-06-10 19:53 . 2010-06-05 08:54 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2010-06-05 19:00 . 2010-01-24 10:33 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-05 08:51 . 2010-06-05 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-06-05 08:51 . 2010-06-05 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-06-05 08:02 . 2010-06-05 08:02 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-06-05 08:02 . 2010-06-05 08:02 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-05 08:01 . 2010-06-05 08:01 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-06-05 08:01 . 2010-06-05 08:01 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-06-05 08:00 . 2010-06-05 08:00 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-06-01 17:37 . 2010-04-09 14:35 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-30 08:00 . 2010-05-30 08:00 -------- d-----w- c:\program files\Secunia

2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-05-25 18:43 . 2010-05-25 18:43 503808 ----a-w- c:\documents and settings\Sophie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47b4126d-n\msvcp71.dll

2010-05-25 18:43 . 2010-05-25 18:43 499712 ----a-w- c:\documents and settings\Sophie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47b4126d-n\jmc.dll

2010-05-25 18:43 . 2010-05-25 18:43 348160 ----a-w- c:\documents and settings\Sophie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47b4126d-n\msvcr71.dll

2010-05-25 18:43 . 2010-05-25 18:43 61440 ----a-w- c:\documents and settings\Sophie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-51188a4b-n\decora-sse.dll

2010-05-25 18:43 . 2010-05-25 18:43 12800 ----a-w- c:\documents and settings\Sophie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-51188a4b-n\decora-d3d.dll

2010-05-25 16:25 . 2010-05-25 16:25 -------- d-----w- c:\program files\Ask.com

2010-05-06 19:10 . 2010-05-06 19:10 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-05-06 19:10 . 2010-05-06 19:10 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-06 19:10 . 2010-05-06 19:10 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-05-06 19:09 . 2010-05-06 19:09 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

2010-05-06 10:33 . 2004-08-03 22:54 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 10:12 . 2010-05-02 10:12 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-05-02 10:12 . 2010-05-02 10:12 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-05-02 10:12 . 2010-05-02 10:12 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-05-02 10:11 . 2010-05-02 10:11 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-05-02 10:11 . 2010-05-02 10:11 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

2010-05-02 10:11 . 2010-05-02 10:11 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-05-02 08:08 . 2004-08-03 22:45 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-04-29 13:39 . 2009-11-28 12:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2009-11-28 12:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-04-15 08:50 1375624 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-04-15 1375624]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-04-15 1375624]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]

"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 137752]

"RTHDCPL"="RTHDCPL.EXE" [2008-04-17 16859648]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\Sophie\Menu D‚marrer\Programmes\D‚marrage\

Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-3-6 155648]

Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\msncall.exe"=

 

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [12/11/2009 23:04 58048]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [29/01/2010 09:21 223312]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [29/01/2010 09:21 24656]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [29/01/2010 09:21 29776]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [06/04/2010 17:15 108289]

R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [29/01/2010 09:21 1282248]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [28/05/2010 13:04 14896]

S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [29/01/2010 09:21 3291336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contenu du dossier 'Tâches planifiées'

 

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2010-07-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]

 

2010-07-22 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

 

2010-07-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-04-15 08:50]

 

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{72D175D7-C656-4237-B71C-8C637504E842}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

 

2010-07-22 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-12-04 21:18]

.

.

------- Examen supplémentaire -------

.

IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL

Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL

FF - ProfilePath - c:\documents and settings\Sophie\Application Data\Mozilla\Firefox\Profiles\j4u8uowq.default\

FF - plugin: c:\documents and settings\Sophie\Application Data\Mozilla\Firefox\Profiles\j4u8uowq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-22 21:02

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(520)

c:\windows\system32\igfxdev.dll

.

Heure de fin: 2010-07-22 21:06:52

ComboFix-quarantined-files.txt 2010-07-22 19:06

 

Avant-CF: 5 409 251 328 octets libres

Après-CF: 5 757 607 936 octets libres

 

- - End Of File - - B7A727877A94320029B031714A60B4E2

Posted

Hello Sophie :)

OK, let's continue:

Download Ad-Remover

Disconnect from the internet and close all running applications

  • Double-click the program and accept the warning message
  • Double-click the icon on your desktop
  • Choose the "scanner" option
  • Post the report that appears at the end.

Note: the report is saved as C:\Ad-report SCAN.log. Your antivirus may raise an alert; ignore it.

A++
