Forum Clubic

Trojan Win32.Trojandownloader.small - Problem with a trojan

Hello,

Recently I noticed that my PC had slowed down, that my internet connection was faulty, and that the browser as well as Windows were lagging a lot.

So I ran a multitude of anti-virus, anti-spyware, etc. programs…
But nothing solved the problem, except Ad-Aware, which detected a trojan named “win32/trojandownloader.small”. I tried about ten times to delete it, but it always comes back. So I did my research, and the symptoms of this trojan match the ones my computer has. I tried to find a program that could fix it. I gave up because of how slow IE was.

Could someone help me fix this problem?

Thanks in advance

Hi,

go have a look here, you'll surely find what you need:
http://www.secuser.com/telechargement/index.htm#a2free

A-squared free removes the trojan you have.

http://www.emsisoft.net/fr/software/download/

http://www.secuser.com/telechargement/desi…ion.htm#Welchia

:hello:

OK, thanks a lot, I'll try it and send you my results ^^

There, I ran a first scan and I'm not really feeling the effects of it:

Version - a-squared Anti-Malware 2.1

Réglages Scan:

Objets: Mémoire, Traces, Cookies, C:\, D:\, E:\
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 13/12/2006 13:31:19

C:\WINDOWS\system32\ifhelper.dll Détecter: Trace.File.SearchCentrix
Value: HKEY_CLASSES_ROOT\AppID\DownloadManager.EXE --> AppID Détecter: Trace.Registry.MediaPipe
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\DownloadManager.EXE --> AppID Détecter: Trace.Registry.MediaPipe
C:\Documents and Settings\Max\Cookies\max@hotlog[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Max\Cookies\max@questionmarket[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Max\Cookies\max@serving-sys[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Max\Cookies\max@spylog[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Max\Cookies\max@tribalfusion[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Max\Cookies\max@weborama[1].txt Détecter: Trace.TrackingCookie
C:\WINDOWS\system32\c3.exe Détecter: Backdoor.Win32.HacDef.gr
C:\WINDOWS\system32\dior4f46967561.exe Détecter: Backdoor.Win32.HacDef.gr
C:\WINDOWS\system32\dllcache\svcshoter.exe Détecter: Backdoor.Win32.VanBot.t

Scanné

Fichiers: 228657
Traces: 87847
Cookies: 54
Processus: 25

Trouver

Fichiers: 3
Traces: 3
Cookies: 6
Processus: 0
Clés de Registre: 0

Fin du Scan: 13/12/2006 14:16:17
Temps du Scan: 00:44:58

There, I also ran a 2nd scan to see whether it came back:

Version - a-squared Anti-Malware 2.1

Réglages Scan:

Objets: Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 13/12/2006 14:20:23

C:\WINDOWS\system32\ifhelper.dll Détecter: Trace.File.SearchCentrix
C:\WINDOWS\system32\c3.exe Détecter: Backdoor.Win32.HacDef.gr
C:\WINDOWS\system32\dllcache\svcshoter.exe Détecter: Backdoor.Win32.VanBot.t

Scanné

Fichiers: 48895
Traces: 87847
Cookies: 42
Processus: 26

Trouver

Fichiers: 2
Traces: 1
Cookies: 0
Processus: 0
Clés de Registre: 0

Fin du Scan: 13/12/2006 14:34:35
Temps du Scan: 00:14:12

I saw that 2 of them come back, but anyway I'll reboot and see if things are better, thanks ^^

you are infected by the Hacker Defender rootkit; you need to install an anti-rootkit, GMER or BlackLight should get rid of it easily, as well as the latest version of NOD32, 2.7, which removes active rootkits (at least the "usermode" ones like Hacker Defender)

1) OK, I have GMER, what do I have to do to remove it?

2) I saw there is also one named “VanBot”, how do I remove it?

3) Thanks for helping me!

there's a rootkit tab: you scan and you post the report here. Careful not to do just anything with GMER!! Or else install F-Secure's BlackLight, which I think is simpler.

Ouch, is it serious if I did “restore the code” on “svcshoter”???
otherwise I'm looking for BlackLight
Also, I saw there is a “c3” virus too in my processes in the Windows Task Manager, there ^^
See you
Thanks

Argh, I'm furious, I have BlackLight and it doesn't recognize the 2 malicious processes, “c3” and “svcshoter”, but on the other hand they are in the list of active processes. I looked at their location and noticed that their creation dates were recent, 3/12/06 and 4/12/06, so it's them, no doubt. However, I can't delete them (as expected),
so I don't know what to do …

Here is the log as you asked :slight_smile: but the 2 processes aren't in it :??: … strange. However, as I said, I did the “restore the code” action on “svcshoter” and it disappeared for good :whistle: … maybe I made a blunder :confused: ??? But BlackLight finds it again, so it's fine :pt1cable: ! ^^

Sorry for the multiple messages (I'm doing a monologue here ^^), here is the log:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-14 18:58:53
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwFsControlFile
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwReadVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwRequestWaitReplyPort
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSuspendProcess
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 8 Bytes [ 75, F4, A0, F8, F2, 09, A1, … ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2730 80501434 8 Bytes [ 10, F4, A0, F8, D3, 09, A1, … ]

---- User code sections - GMER 1.0.12 ----

.text D:\Logiciels\Mozilla\mozilla.exe[396] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 17, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] WS2_32.dll!connect 719F406A 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] WS2_32.dll!listen 719F88D3 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 20, 5F ]
.text D:\Logiciels\Mozilla\mozilla.exe[396] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 23, 5F ]
.text C:\WINDOWS\explorer.exe[412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[412] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 20, 5F ]
.text C:\WINDOWS\explorer.exe[412] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\explorer.exe[412] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 23, 5F ]
.text C:\WINDOWS\explorer.exe[412] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\explorer.exe[412] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\WINDOWS\explorer.exe[412] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[412] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\explorer.exe[412] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 26, 5F ]
.text C:\WINDOWS\explorer.exe[412] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 29, 5F ]
.text C:\WINDOWS\explorer.exe[412] WS2_32.dll!connect 719F406A 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\WINDOWS\explorer.exe[412] WS2_32.dll!listen 719F88D3 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 20, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 23, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] WS2_32.dll!connect 719F406A 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] WS2_32.dll!listen 719F88D3 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 26, 5F ]
.text C:\PROGRA~1\Wanadoo\ComComp.exe[608] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 29, 5F ]
.text C:\PROGRA~1\Wanadoo\Inactivity.exe[764] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Wanadoo\Inactivity.exe[764] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\PROGRA~1\Wanadoo\Inactivity.exe[764] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Wanadoo\Inactivity.exe[764] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\PROGRA~1\Wanadoo\Inactivity.exe[764] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Wanadoo\Inactivity.exe[764] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Wanadoo\Inactivity.exe[764] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Wanadoo\Inactivity.exe[764] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\PROGRA~1\Wanadoo\Toaster.exe[780] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text C:\PROGRA~1\Wanadoo\PollingModule.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Wanadoo\PollingModule.exe[936] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\PROGRA~1\Wanadoo\PollingModule.exe[936] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Wanadoo\PollingModule.exe[936] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\PROGRA~1\Wanadoo\PollingModule.exe[936] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Wanadoo\PollingModule.exe[936] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Wanadoo\PollingModule.exe[936] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Wanadoo\PollingModule.exe[936] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[1064] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 16, 5F ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\Max\LOCALS~1\Temp\Rar$EX02.484\gmer.exe[1128] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1176] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1176] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1176] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1176] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1176] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1176] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1176] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1304] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 20, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 27001AE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001A60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 23, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 27001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 27001050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [ 24, AF, CC, CC ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] USER32.dll!PeekMessageW 77D1929B 5 Bytes JMP 27003760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] USER32.dll!CreateWindowExW 77D1FF50 5 Bytes JMP 27003270 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] USER32.dll!SetWindowRgn 77D202DD 7 Bytes JMP 27004AB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] USER32.dll!CreateDialogParamW 77D284EE 5 Bytes JMP 27004E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] USER32.dll!SetWindowPlacement 77D2DF46 5 Bytes JMP 270049D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] USER32.dll!FlashWindow 77D55C5C 5 Bytes JMP 27004B50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 27004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] USER32.dll!TrackPopupMenuEx 77D6CB1A 5 Bytes JMP 27003F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WS2_32.dll!connect 719F406A 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WS2_32.dll!send 719F428A 5 Bytes JMP 270095A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 27009390 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WS2_32.dll!recv 719F615A 5 Bytes JMP 27009200 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 27009720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WS2_32.dll!listen 719F88D3 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 27009930 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 26, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 5 Bytes JMP 27002BA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 27001D30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 27001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WININET.dll!HttpOpenRequestA 771C58EB 5 Bytes JMP 27008180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WININET.dll!InternetCloseHandle 771CF56B 5 Bytes JMP 27008460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WININET.dll!HttpSendRequestA 771D38CA 5 Bytes JMP 270083B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WININET.dll!InternetReadFile 771EE795 5 Bytes JMP 270082E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\PROGRA~1\Wanadoo\TaskBarIcon.exe[1360] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text D:\Logiciels\a-squared Anti-Malware\a2guard.exe[1576] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 7B, C1, E6, 83 ]
.text C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE[1624] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE[1624] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE[1624] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE[1624] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE[1624] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE[1624] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE[1624] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE[1624] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 20, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 23, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] WS2_32.dll!connect 719F406A 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe[1856] WS2_32.dll!listen 719F88D3 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\PROGRA~1\Wanadoo\Watch.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Wanadoo\Watch.exe[2072] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\PROGRA~1\Wanadoo\Watch.exe[2072] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Wanadoo\Watch.exe[2072] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\PROGRA~1\Wanadoo\Watch.exe[2072] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Wanadoo\Watch.exe[2072] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Wanadoo\Watch.exe[2072] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Wanadoo\Watch.exe[2072] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] kernel32.dll!OpenProcess 7C8309E1 6 Bytes [ FF, 25, 1E, 00, 17, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] kernel32.dll!WinExec 7C86136D 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] ADVAPI32.DLL!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] ADVAPI32.DLL!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] ADVAPI32.DLL!CreateServiceW + 4 77E0720D 2 Bytes [ 11, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] SHELL32.dll!Shell_NotifyIcon 7CA30C69 6 Bytes [ FF, 25, 1E, 00, 1A, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] SHELL32.dll!Shell_NotifyIconW 7CA31B5A 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] WS2_32.dll!connect 719F406A 6 Bytes [ FF, 25, 1E, 00, 26, 5F ]
.text C:\Program Files\WinRAR\WinRAR.exe[2164] WS2_32.dll!listen 719F88D3 6 Bytes [ FF, 25, 1E, 00, 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2736] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]

---- Devices - GMER 1.0.12 ----

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F86A68B4] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F86A68B4] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F86A68B4] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-6 IRP_MJ_INTERNAL_DEVICE_CONTROL [F86A68B4] sfsync02.sys

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1409082233-73586283-725345543-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x32 0xDF 0xED 0x11 …
Reg \Registry\USER\S-1-5-21-1409082233-73586283-725345543-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xF3 0xE1 0x2F 0x2E …

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
ADS C:\Documents and Settings\Max\Favoris\Orange\Orange.url:favicon
ADS C:\Documents and Settings\Max\Favoris\Orange\Portail Orange.url:favicon
ADS C:\Documents and Settings\Max\Favoris\Portail Orange.url:favicon
ADS C:\Documents and Settings\Papa et Maman\Favoris\Disney Channel.url:favicon
ADS C:\Documents and Settings\Papa et Maman\Favoris\patoue\Mes achats Mes objets achetés.url:favicon
ADS C:\Documents and Settings\Papa et Maman\Favoris\patoue\Ouvrir une session.url:favicon
ADS C:\Documents and Settings\Papa et Maman\Favoris\patoue\Portail Orange (2).url:favicon
ADS C:\Documents and Settings\Papa et Maman\Favoris\patoue\Portail Orange.url:favicon
ADS C:\Documents and Settings\Papa et Maman\Favoris\Max\vente-privee.com (2).url:favicon
ADS C:\Documents and Settings\Papa et Maman\Favoris\patoue\vente-privee.com.url:favicon
ADS …

---- EOF - GMER 1.0.12 ----
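A triage script for the "User code sections" of the GMER report posted above, added here as an example (it is not part of the thread and not GMER's own code): it groups the inline patches per process and separates the bare `FF 25` indirect jumps, for which GMER names no owning module, from the `JMP` records that GMER attributes to a DLL. The function names are assumptions; the sample lines are copied from the log.

```python
import re
from collections import Counter, defaultdict

# A few records copied from the GMER log in the post above, so the script runs offline.
SAMPLE = r"""
.text C:\WINDOWS\explorer.exe[412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[412] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\explorer.exe[412] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1D, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1340] WS2_32.dll!connect 719F406A 6 Bytes [ FF, 25, 1E, 00, 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2736] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 8 Bytes [ 75, F4, A0, F8, F2, 09, A1, … ]
"""

# One user-mode record: image[pid] module!function [+ offset] address N Bytes <patch>
LINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\w+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<rest>.*)$"
)


def classify(rest):
    """Return (kind, detail) for the patch column of one GMER record."""
    if rest.startswith("JMP"):
        parts = rest.split(None, 2)
        target = int(parts[1], 16) if len(parts) > 1 else None
        owner = parts[2] if len(parts) > 2 else None
        return "jmp_to_module", {"target": target, "owner": owner}
    patch = bytes(int(t, 16) for t in re.findall(r"\b[0-9A-Fa-f]{2}\b", rest))
    if patch[:2] == b"\xff\x25":  # FF 25 disp32 = jmp dword ptr [disp32]
        if len(patch) >= 6:
            return "indirect_jmp", {"slot": int.from_bytes(patch[2:6], "little")}
        return "indirect_jmp_partial", {}  # GMER listed only the bytes that changed
    return "raw_patch", {"bytes": patch.hex()}


def parse_hooks(text):
    """Parse user-mode '.text' records; kernel records and headers are skipped."""
    hooks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, detail = classify(m["rest"])
        rec = {
            "image": m["image"].strip(),
            "pid": int(m["pid"]),
            "api": f"{m['module'].lower()}!{m['func']}",  # module case varies in the log
            "addr": int(m["addr"], 16),
            "size": int(m["n"]),
            "kind": kind,
            **detail,
        }
        prev = hooks[-1] if hooks else None
        # A "+ 4" record right after a truncated FF 25 is the tail of the same
        # 6-byte jump, so fold it in instead of counting a second hook.
        if (prev and prev["kind"] == "indirect_jmp_partial"
                and (prev["pid"], prev["api"]) == (rec["pid"], rec["api"])
                and prev["addr"] < rec["addr"] < prev["addr"] + 6):
            prev["size"] = rec["addr"] + rec["size"] - prev["addr"]
            continue
        hooks.append(rec)
    return hooks


def per_process(hooks):
    """Count patch kinds for each (image, pid)."""
    out = defaultdict(Counter)
    for h in hooks:
        out[(h["image"], h["pid"])][h["kind"]] += 1
    return dict(out)


def unattributed_apis(hooks):
    """APIs patched with a bare indirect jump, i.e. no owning module in the record."""
    return sorted({h["api"] for h in hooks if h["kind"].startswith("indirect_jmp")})


def owners(hooks):
    """Modules that GMER names as the destination of a JMP patch."""
    return sorted({h["owner"] for h in hooks if h.get("owner")})


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE)
    for (image, pid), kinds in per_process(parsed).items():
        print(f"{image} [{pid}]: {dict(kinds)}")
    print("unattributed:", unattributed_apis(parsed))
    print("attributed to:", owners(parsed))
```

Run over the full report, the per-process counts show which API set is patched identically in every process and which patches belong to a named add-on DLL, which is where a reviewer of the log would start.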

it's fine, I found how to fix it. In any case, for trojan problems I recommend to everyone: prevx1

Which software did you manage to remove it with?? :slight_smile:

hi, I have the same trojan… Since I'm a bit useless at all this, I don't really understand everything you're saying above. All I'd like to know is which program you used to get rid of this filth?

For my part, I had avast, which couldn't do anything. I switched to nod32, which didn't manage either, and I'm currently trying bitdefender, but I'm not sure it's up to the task…

Thanks for the answers
See you

And if IE is slow, get Firefox or Opera :super:

Start by reading this topic. :jap:

And don't hesitate to make a log with HijackThis and paste it here :jap:


[quote="jeremy302"] And if IE is slow, get Firefox or [opera](http://www.clubic.com/telecharger-fiche18773-opera.html) :super: [/quote] That's not really a solution :sarcastic: