3 replies
eliot34
16 April 2008 at 00:55
Hi coypu,
I had the same problem; I searched and ended up installing AVG Anti-Spyware and AVG Anti-Rootkit. Run a scan with each and normally that cleans up your PC.
Good luck.
Thank you very much, Eliot34. I have only just seen your reply. It is 22:40. I will install AVG tomorrow and keep you posted.
Good evening.
eliot34
17 April 2008 at 23:44
So?
coypu > eliot34
18 April 2008 at 13:35
Last night I installed AVG Anti-Spyware and ran a full scan (there were 115 cookies, which I deleted); in fact I have browsed very little since then, but I notice that I still have ad windows opening. I am going to install AVG Anti-Rootkit this afternoon and run a scan.
I will keep you posted.
Thank you very much in any case.
coypu
coypu > eliot34
18 April 2008 at 14:04
I am running a 2nd scan with AVG Anti-Spyware (in fact I had interrupted it because it was late); all the tracking cookies deleted yesterday have come back!!!
I have just run a scan with AVG Anti-Rootkit; it finds 6 suspicious files, all containing the following letters in sequence: zuybtqyw. They are almost all executable files.
I hesitate to delete them, not knowing what might happen.
Thank you very much.
Thanks; I have just installed and used Gmer.
Here is the log below. Where do I go to delete what AVG found? Do I need to run another scan with AVG?
The pop-ups are occurring more and more often.
Thank you very much in advance.
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEEEE4D98]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEEEE4CB8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEEEE512A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEEEE48AA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEEEE4D2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEEEE47C8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEEEE483C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEEEE4E42]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEEEE4E02]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEEEE4F84]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF7E32812]
---- User code sections - GMER 1.0.14 ----
.text C:\PROGRA~1\WinZip\winzip32.exe[220] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\WinZip\winzip32.exe[220] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\WinZip\winzip32.exe[220] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\WinZip\winzip32.exe[220] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe[252] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00B1200E
.text C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe[252] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00B11DAF
.text C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe[252] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00B11CF2
.text C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe[252] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00B1191B
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[308] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[308] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[308] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[308] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[340] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[340] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[340] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe[340] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[384] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 009D200E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[384] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 009D1DAF
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[384] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 009D1CF2
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[384] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 009D191B
.text C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe[440] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 02AF200E
.text C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe[440] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 02AF1DAF
.text C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe[440] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 02AF1CF2
.text C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe[440] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 02AF191B
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[448] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0409200E
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[448] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 04091DAF
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[448] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 04091CF2
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[448] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0409191B
.text C:\windows\system32\ptbnoqbni.exe[520] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\windows\system32\ptbnoqbni.exe[520] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\windows\system32\ptbnoqbni.exe[520] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\windows\system32\ptbnoqbni.exe[520] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[572] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[572] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[572] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[572] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe[604] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00E8200E
.text C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe[604] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00E81DAF
.text C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe[604] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00E81CF2
.text C:\Program Files\modem ADSL USB\modem ADSL USB\dslmon.exe[604] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00E8191B
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\csrss.exe[624] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[692] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[856] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[864] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[864] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[864] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[864] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0181200E
.text K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01811DAF
.text K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01811CF2
.text K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0181191B
.text C:\WINDOWS\system32\spoolsv.exe[1456] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1456] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1456] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1456] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe[1736] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe[1736] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe[1736] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe[1736] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\eMule\emule.exe[1944] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 01FF200E
.text C:\Program Files\eMule\emule.exe[1944] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01FF1DAF
.text C:\Program Files\eMule\emule.exe[1944] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01FF1CF2
.text C:\Program Files\eMule\emule.exe[1944] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 01FF191B
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe[2628] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 007D200E
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe[2628] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 007D1DAF
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 007D1CF2
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe[2628] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 007D191B
.text C:\DOCUME~1\Jocelyne\LOCALS~1\Temp\gmer.exe[2908] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\DOCUME~1\Jocelyne\LOCALS~1\Temp\gmer.exe[2908] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\DOCUME~1\Jocelyne\LOCALS~1\Temp\gmer.exe[2908] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\DOCUME~1\Jocelyne\LOCALS~1\Temp\gmer.exe[2908] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] WS2_32.dll!send 719F428A 5 Bytes JMP 100030E6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 100032CC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 100035BC
.text C:\WINDOWS\system32\taskmgr.exe[3492] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\taskmgr.exe[3492] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\taskmgr.exe[3492] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\taskmgr.exe[3492] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Processes - GMER 1.0.14 ----
Process C:\windows\system32\ptbnoqbni.exe (*** hidden *** ) 520
Library C:\windows\system32\ptbnoqbni.exe (*** hidden *** ) @ C:\windows\system32\ptbnoqbni.exe [520] 0x00400000
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@ptbnoqbni c:\windows\system32\ptbnoqbni.exe ptbnoqbni
---- Files - GMER 1.0.14 ----
File C:\WINDOWS\Prefetch\PTBNOQBNI.EXE-00E8B3C9.pf 33960 bytes
File C:\WINDOWS\system32\ptbnoqbni.dat 6093 bytes
File C:\WINDOWS\system32\ptbnoqbni.exe 290816 bytes
File C:\WINDOWS\system32\ptbnoqbni_nav.dat 411487 bytes
File C:\WINDOWS\system32\ptbnoqbni_navps.dat 1450 bytes
---- EOF - GMER 1.0.14 ----
.text C:\PROGRA~1\MICROS~3\rapimgr.exe[864] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\System32\svchost.exe[952] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 0181200E
.text K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01811DAF
.text K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01811CF2
.text K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 0181191B
.text C:\WINDOWS\system32\spoolsv.exe[1456] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1456] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1456] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1456] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe[1736] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe[1736] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe[1736] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe[1736] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\eMule\emule.exe[1944] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 01FF200E
.text C:\Program Files\eMule\emule.exe[1944] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 01FF1DAF
.text C:\Program Files\eMule\emule.exe[1944] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 01FF1CF2
.text C:\Program Files\eMule\emule.exe[1944] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 01FF191B
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\Explorer.EXE[1992] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe[2628] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 007D200E
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe[2628] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 007D1DAF
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe[2628] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 007D1CF2
.text C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe[2628] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 007D191B
.text C:\DOCUME~1\Jocelyne\LOCALS~1\Temp\gmer.exe[2908] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\DOCUME~1\Jocelyne\LOCALS~1\Temp\gmer.exe[2908] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\DOCUME~1\Jocelyne\LOCALS~1\Temp\gmer.exe[2908] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\DOCUME~1\Jocelyne\LOCALS~1\Temp\gmer.exe[2908] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] WS2_32.dll!send 719F428A 5 Bytes JMP 100030E6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 100032CC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3040] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 100035BC
.text C:\WINDOWS\system32\taskmgr.exe[3492] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\taskmgr.exe[3492] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\taskmgr.exe[3492] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\taskmgr.exe[3492] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01F973CC] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
IAT K:\Apps\PortableThunderbird\thunderbird\thunderbird.exe[1200] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01F97376] K:\Apps\PortableThunderbird\thunderbird\extensions\talkback@mozilla.org\components\fullsoft.dll (Talkback Library/Full Circle Software, Inc.)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- Processes - GMER 1.0.14 ----
Process C:\windows\system32\ptbnoqbni.exe (*** hidden *** ) 520
Library C:\windows\system32\ptbnoqbni.exe (*** hidden *** ) @ C:\windows\system32\ptbnoqbni.exe [520] 0x00400000
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@ptbnoqbni c:\windows\system32\ptbnoqbni.exe ptbnoqbni
---- Files - GMER 1.0.14 ----
File C:\WINDOWS\Prefetch\PTBNOQBNI.EXE-00E8B3C9.pf 33960 bytes
File C:\WINDOWS\system32\ptbnoqbni.dat 6093 bytes
File C:\WINDOWS\system32\ptbnoqbni.exe 290816 bytes
File C:\WINDOWS\system32\ptbnoqbni_nav.dat 411487 bytes
File C:\WINDOWS\system32\ptbnoqbni_navps.dat 1450 bytes
---- EOF - GMER 1.0.14 ----