Bonjour, ça fait deux jours que à l'ouverture de mon ordi mon antivirus (bdefender internet security 2009) me trouve des trojan generic (suivi de plusieurs chiffres ) ... aujourd'hui 6 quand même ! c'est quand même bizzare ! sont ils dangereux ? je pose la question car depuis mon pc j'accede à mes comptes bancaires etc...

Trojan generic multiples

Réponse 1 / 6

KasDef32
23 janv. 2009 à 16:24

Bonjour,
installe MBAM http://www.malwarebytes.org/mbam/program/mbam-setup.exe
fais un skan rapid et poste le rapport.
quant t'auras terminé tu enverras aussi un rapport HijackThis
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
il faudra cliquer sur "Do a system scan and save a logfile" pour
produire le log.

stef46
23 janv. 2009 à 17:51

Bonjour et merci de ton aide
Pour le contexte je te signale que je sors d'une infection winupgro(bagle)
les fichiers infectés étaient hier sur combofix ( comme par hasard) et aujourd'hui 6 trojan generic sur les fichiers uninstall de divx...

voici les rapports demandés :

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1683
Windows 5.1.2600 Service Pack 3

23/01/2009 17:45:38
mbam-log-2009-01-23 (17-45-38).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 121208
Temps écoulé: 1 hour(s), 0 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:38, on 23/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

Réponse 2 / 6

KasDef32
23 janv. 2009 à 19:18

rien sur les deux rapports.telecharge,installe Rsit http://images.malwareremoval.com/random/RSIT.exe
lance-le,accepte le Disclaimer.à la fin poste les deux rapports log.txt / info.txt

stef46
23 janv. 2009 à 19:31

voici les 2 rapports demandés:

info.txt logfile of random's system information tool 1.05 2009-01-23 19:29:15

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assist TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{06C71F80-0E30-4E2C-878F-8502AB5AE3BE}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barre de confiance CM-CIC-->"C:\Program Files\BarreConfCMCIC\Setup.exe" -u
BitDefender Internet Security 2009-->MsiExec.exe /X{961CE74B-30C0-47D6-ACD9-0C887A5E23F5}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Commandes TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESDX5000_CX4900 Guide d’utilisation-->C:\Program Files\EPSON\TPMANUAL\ESDX5000_CX4900\USE_G\DOCUNINS.EXE
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Formatage de carte mémoire SD TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe" -l0x40c
Gestion d'énergie TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manuels TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x40c -removeonly
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A1040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MotoGP URT 3-->"C:\Program Files\THQ\MotoGP URT 3\unins000.exe"
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Outil de diagnostic PC TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RadLight MPC DirectShow Filter (remove only)-->"C:\WINDOWS\system32\RadLightMPCUninstall.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
Samsung USB Driver-->"C:\Program Files\InstallShield Installation Information\{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}\Setup.exe" -runfromtemp -l0x040c anything -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Son virtuel TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Ericsson PC Suite-->MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1036
Tomb Raider Chronicles-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Core Design\Tomb Raider Chronicles\Uninst.isu"
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x40c UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x40c
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x40c
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x40c
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
USB Game Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}\setup.exe" -l0x9
USB2.0 PC Camera (SN9C201&202)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9
Utilitaire de zoom TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe" -l0x40c
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoCap 1.0-->"C:\Program Files\VideoCap\unins000.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: BitDefender Antivirus
FW: Pare-feu BitDefender

System event log

Computer Name: YOUR-01199F19B2
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service bdfsfltr.

Record Number: 118504
Source Name: Service Control Manager
Time Written: 20090113201413.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: YOUR-01199F19B2
Event Code: 7036
Message: Le service Configuration automatique sans fil est entré dans l'état : arrêté.

Record Number: 118503
Source Name: Service Control Manager
Time Written: 20090113201402.000000+060
Event Type: Informations
User:

Computer Name: YOUR-01199F19B2
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service PCANDIS5 NDIS Protocol Driver.

Record Number: 118502
Source Name: Service Control Manager
Time Written: 20090113201401.000000+060
Event Type: Informations
User: YOUR-01199F19B2\utilisateur

Computer Name: YOUR-01199F19B2
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service Configuration automatique sans fil.

Record Number: 118501
Source Name: Service Control Manager
Time Written: 20090113201332.000000+060
Event Type: Informations
User: YOUR-01199F19B2\utilisateur

Computer Name: YOUR-01199F19B2
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 118500
Source Name: Service Control Manager
Time Written: 20090113201327.000000+060
Event Type: Informations
User:

Application event log

Computer Name: YOUR-01199F19B2
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Record Number: 22654
Source Name: .NET Runtime Optimization Service
Time Written: 20081102100132.000000+060
Event Type: Informations
User:

Computer Name: YOUR-01199F19B2
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Record Number: 22653
Source Name: .NET Runtime Optimization Service
Time Written: 20081102100114.000000+060
Event Type:
User:

Computer Name: YOUR-01199F19B2
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Record Number: 22652
Source Name: .NET Runtime Optimization Service
Time Written: 20081102100114.000000+060
Event Type: Informations
User:

Computer Name: YOUR-01199F19B2
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Record Number: 22651
Source Name: .NET Runtime Optimization Service
Time Written: 20081102100113.000000+060
Event Type:
User:

Computer Name: YOUR-01199F19B2
Event Code: 1100
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Record Number: 22650
Source Name: .NET Runtime Optimization Service
Time Written: 20081102100113.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Fichiers communs\Teleca Shared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

le 2EME

Logfile of random's system information tool 1.05 (written by random/random)
Run by utilisateur at 2009-01-23 19:29:09
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 79 GB (69%) free of 114 GB
Total RAM: 1022 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:12, on 23/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\utilisateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

Réponse 3 / 6

KasDef32
23 janv. 2009 à 20:44

il y a encore tous les fichiers-dossiers de ta precedente infection.supprime tout ca.
télécharge ToolsCleaner http://pc-system.fr/
clique sur Recherche et laisse le skan se finir.clique sur Suppression pour finaliser.

télécharge ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
dont tu connais l'utilisation.lance et laisse finir le skan sans toucher à rien.à la fin poste le rapport.

stef46
23 janv. 2009 à 21:19

voila :

ComboFix 09-01-21.04 - utilisateur 2009-01-23 21:08:36.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.475 [GMT 1:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *enabled*
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\leaktests.m32

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
.

2009-01-18 16:48 . 2009-01-18 16:49 <REP> d-------- c:\program files\CCleaner
2009-01-18 15:34 . 2009-01-18 15:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 15:34 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 15:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 21:38 . 2009-01-17 21:38 <REP> d-------- c:\documents and settings\utilisateur\Application Data\BitDefender
2009-01-17 21:37 . 2009-01-17 21:42 <REP> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-01-17 21:36 . 2009-01-17 21:37 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-01-17 07:15 . 2009-01-17 07:15 <REP> d-------- C:\Nouveau dossier 1
2009-01-16 17:42 . 2004-08-05 12:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2009-01-16 17:41 . 2004-08-05 12:00 195,618 --a--c--- c:\windows\system32\dllcache\c_10002.nls
2009-01-16 17:40 . 2001-08-17 21:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-01-16 17:39 . 2001-08-17 21:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-01-16 17:38 . 2001-08-23 17:46 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-01-15 21:24 . 2009-01-15 21:24 <REP> d-------- c:\documents and settings\utilisateur\Application Data\Windows Search
2009-01-15 18:06 . 2009-01-15 18:06 <REP> d-------- c:\documents and settings\utilisateur\Application Data\Windows Desktop Search
2009-01-14 19:54 . 2009-01-14 19:54 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-14 19:52 . 2009-01-14 19:52 <REP> d-------- c:\program files\Apple Software Update
2009-01-14 19:52 . 2009-01-14 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-14 19:39 . 2009-01-14 22:39 <REP> d-------- c:\program files\filehippo.com
2009-01-14 19:35 . 2009-01-14 19:35 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-14 19:35 . 2009-01-14 19:35 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-14 16:10 . 2009-01-23 19:26 7,680 --ahs---- c:\windows\Thumbs.db
2009-01-14 16:09 . 2009-01-14 16:09 5,120 --ahs---- C:\Thumbs.db
2009-01-12 17:55 . 2009-01-23 21:12 121 --a------ c:\windows\bdagent.INI
2009-01-12 17:54 . 2009-01-12 17:54 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-12 17:50 . 2009-01-12 17:50 <REP> d-------- c:\windows\system32\GroupPolicy
2009-01-12 17:50 . 2009-01-15 18:06 <REP> d-------- c:\program files\Windows Desktop Search
2009-01-12 17:47 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-01-12 17:47 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-01-12 17:47 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-01-08 14:26 . 2009-01-18 16:46 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-08 14:26 . 2009-01-22 21:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-07 20:16 . 2009-01-07 20:16 <REP> d-------- c:\program files\Alwil Software
2009-01-05 17:30 . 2009-01-14 19:53 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-05 17:30 . 2009-01-05 17:30 1,409 --a------ c:\windows\QTFont.for
2009-01-02 16:05 . 2007-07-02 15:02 3,073,320 --a------ c:\windows\system32\AdvrCntr2D6E0B790.dll
2009-01-02 16:03 . 2007-07-02 15:02 996,648 --a------ c:\windows\system32\ShellManager10E2D762.dll
2009-01-02 16:03 . 2007-07-02 14:19 638,976 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-12-28 20:10 . 2009-01-07 16:08 69 --a------ c:\windows\NeroDigital.ini
2008-12-28 19:44 . 2009-01-22 17:29 <REP> d-------- c:\documents and settings\utilisateur\Application Data\DVD Flick
2008-12-28 19:43 . 2008-12-28 19:43 <REP> d-------- c:\program files\DVD Flick
2008-12-28 19:43 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\richtx32.ocx
2008-12-28 19:43 . 1998-06-24 00:00 164,144 --a------ c:\windows\system32\comct232.ocx
2008-12-28 19:43 . 2003-01-26 13:41 40,960 --a------ c:\windows\system32\ssubtmr6.dll
2008-12-28 19:43 . 2007-08-31 18:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2008-12-28 19:43 . 2008-08-31 13:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2008-12-28 19:14 . 2008-12-29 17:50 <REP> d-------- c:\documents and settings\utilisateur\Application Data\Ahead
2008-12-28 19:07 . 2008-12-28 19:07 <REP> d-------- c:\program files\Nero
2008-12-28 09:49 . 2008-12-28 09:49 <REP> d-------- c:\program files\nerovision
2008-12-27 08:59 . 2008-12-27 09:00 <REP> d-------- C:\VideoToDVD
2008-12-27 08:28 . 2008-12-27 08:28 <REP> d-------- c:\documents and settings\utilisateur\Application Data\Canneverbe_Limited
2008-12-27 08:27 . 2008-12-29 15:11 <REP> d-------- c:\program files\CDBurnerXP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 20:11 81,984 ----a-w c:\windows\system32\bdod.bin
2009-01-23 20:04 --------- d-----w c:\program files\Wanadoo
2009-01-23 19:52 --------- d-----w c:\program files\Trend Micro
2009-01-23 14:46 --------- d-----w c:\program files\DivX
2009-01-22 19:59 --------- d-----w c:\program files\eMule
2009-01-19 15:08 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-01-18 17:03 --------- d-----w c:\program files\Yahoo!
2009-01-18 16:29 --------- d-----w c:\program files\BarreConfCMCIC
2009-01-17 20:37 --------- d-----w c:\program files\BitDefender
2009-01-16 14:32 --------- d---a-w c:\program files\Offre Wanadoo
2009-01-16 14:32 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-16 14:32 --------- d-----w c:\program files\Microsoft Works
2009-01-16 14:32 --------- d-----w c:\program files\JPrintCover
2009-01-14 18:54 --------- d-----w c:\program files\QuickTime
2009-01-14 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-14 18:34 --------- d-----w c:\program files\Java
2009-01-07 19:05 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-31 14:11 3,838 ----a-w c:\documents and settings\utilisateur\Application Data\wklnhst.dat
2008-12-12 20:15 --------- d-----w c:\program files\Unity
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-24 16:36 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-05 15:56 51,600 ----a-w c:\windows\system32\RadLightMPCUninstall.exe
2008-10-30 18:28 47,360 ----a-w c:\documents and settings\utilisateur\Application Data\pcouffin.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-08-24 12:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082420080825\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MsnMsgr"="c:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"FixCamera"="c:\windows\FixCamera.exe" [2006-10-09 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-19 741376]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-09-15 c:\windows\system32\TDispVol.exe]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]
R4 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-09-04 82696]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-23 33752]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-10-17 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-10-18 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-10-18 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2007-10-18 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2007-10-18 86368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.orange.fr/
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: { - c:\program files\Messenger\msmsgs.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 21:12:27
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-01-23 21:15:32
ComboFix-quarantined-files.txt 2009-01-23 20:15:27

Avant-CF: 82,917,761,024 octets libres
Après-CF: 82,922,721,280 octets libres

220 --- E O F --- 2008-12-18 02:02:07

stef46
23 janv. 2009 à 22:07

A NOTER :

au lancement de combofix j'ai eu plusieurs fenetres dont une qui disait " combofix a detecté une activité de rootkit..."
ça me fait peur !! au secours !

Réponse 4 / 6

KasDef32
23 janv. 2009 à 22:41

là non plus rien à se mettre sous la dent.on va vérifier autrement
Télécharge gmer :
http://www.gmer.net

Déconnecte toi d'internet si possible et ferme tous les programmes.
Décompresse le fichier zip et double-clic sur gmer.exe
IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.
Clic sur l'onglet "rootkit"
A droite, coche "Files" et "Services"
Clic sur Scan
Lorsque le scan est terminé, clic sur "copy"

Ouvre le bloc-note et clic sur le Menu Edition / Coller
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

stef46
24 janv. 2009 à 08:40

Bonjour,
je ne dois cocher QUE files et services ou tous ?
après le scan , je n'arrive pas a trouver le rapport , ou est le bloc notes ???

Réponse 5 / 6

KasDef32
24 janv. 2009 à 16:36

clique seulement sur Files et Services dans l'onglet rootkits.une fois le scan fini tu cliques sur Copy
le rapport sera dans ton presse papier tu n'auras plus qu'à ouvrir le bloc notes par clic-droit sur le
bureau/nouveau/document texte/coller.tu le colleras ici.

stef46
24 janv. 2009 à 19:08

voila le rapport:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-24 19:05:33
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xEB57ABCE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xEB57ACBC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xEB57AB32]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtCreateFile + 5 7C91D095 10 Bytes [ 68, 28, 30, 40, 60, E9, E1, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtCreateKey + 5 7C91D0D5 10 Bytes [ 68, D0, 7E, 41, 60, E9, A1, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtCreateSection + 5 7C91D165 10 Bytes [ 68, 50, 13, 41, 60, E9, 11, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtDeleteValueKey + 5 7C91D255 10 Bytes [ 68, D8, 39, 42, 60, E9, 21, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtLoadDriver + 5 7C91D455 10 Bytes [ 68, 10, 82, 40, 60, E9, 21, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtMapViewOfSection + 5 7C91D505 10 Bytes [ 68, 30, 74, 41, 60, E9, 71, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtOpenFile + 5 7C91D585 10 Bytes [ 68, 70, 08, 41, 60, E9, F1, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtOpenKey + 5 7C91D5B5 10 Bytes [ 68, 40, 84, 41, 60, E9, C1, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtOpenProcess + 5 7C91D5E5 10 Bytes [ 68, 50, 69, 41, 60, E9, 91, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtQueueApcThread + 5 7C91D985 10 Bytes [ 68, C0, 6E, 41, 60, E9, F1, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtSetValueKey + 5 7C91DDB5 1 Byte [ 68 ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtSetValueKey + 7 7C91DDB7 8 Bytes JMP 6000C57D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!NtWriteFile + 5 7C91DF65 10 Bytes [ 68, E0, 0D, 41, 60, E9, 11, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!LdrLoadDll + 1 7C9263A4 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ntdll.dll!RtlCreateProcessParameters 7C932E79 10 Bytes [ 68, 40, C4, 40, 60, E9, FD, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 48, 3F, 42, 60, E9, 81, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 20, A1, 41, 60, E9, 22, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, B0, 9B, 41, 60, E9, 84, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 70, 5E, 41, 60, E9, 63, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 08, 3B, 40, 60, E9, 9F, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!SetEvent 7C80A0A7 2 Bytes [ 68, 08 ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!SetEvent + 3 7C80A0AA 7 Bytes JMP 6000C57E C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 60, 90, 40, 60, E9, 3D, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, 98, 4F, 42, 60, E9, 08, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 98, 35, 40, 60, E9, 38, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 80, 99, 40, 60, E9, 2F, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 48, 8C, 41, 60, E9, 69, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 90, A6, 41, 60, E9, AF, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 08, 7A, 40, 60, E9, 86, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 28, 4A, 42, 60, E9, 7C, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 78, 40, 40, 60, E9, 5C, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 78, 5A, 42, 60, E9, 20, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, A0, B9, 40, 60, E9, 54, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, E0, 63, 41, 60, E9, CD, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 30, F3, 40, 60, E9, 39, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, A0, F8, 40, 60, E9, EA, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes CALL 0070A538
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, C0, ED, 40, 60, E9, 60, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] USER32.dll!GetMessageW 7E3991C6 10 Bytes [ 68, 00, D8, 40, 60, E9, B0, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] USER32.dll!PeekMessageW 7E39929B 10 Bytes [ 68, E0, E2, 40, 60, E9, DB, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] USER32.dll!GetMessageA 7E3A772B 10 Bytes [ 68, 90, D2, 40, 60, E9, 4B, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] USER32.dll!SetWindowsHookExW 7E3A820F 10 Bytes [ 68, B0, 48, 41, 60, E9, 67, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] USER32.dll!PeekMessageA 7E3AA340 10 Bytes [ 68, 70, DD, 40, 60, E9, 36, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] USER32.dll!SetWindowsHookExA 7E3B1211 10 Bytes [ 68, 20, 4E, 41, 60, E9, 65, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ADVAPI32.dll!RegQueryValueExW + 10C 77DA70FB 10 Bytes [ 68, 20, A4, 40, 60, E9, 7B, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ADVAPI32.dll!OpenServiceW 77DB6FDD 10 Bytes [ 68, 58, 1B, 41, 60, E9, 99, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ADVAPI32.dll!ControlService 77DC49DD 10 Bytes [ 68, D0, 28, 41, 60, E9, 99, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ADVAPI32.dll!OpenServiceA 77DC4C36 10 Bytes [ 68, C8, 20, 41, 60, E9, 40, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ADVAPI32.dll!ChangeServiceConfigA 77E06E41 10 Bytes [ 68, B0, 33, 41, 60, E9, 35, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ADVAPI32.dll!ChangeServiceConfigW 77E06FD9 10 Bytes [ 68, 40, 2E, 41, 60, E9, 9D, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ADVAPI32.dll!CreateServiceA 77E071E9 10 Bytes [ 68, 90, A9, 40, 60, E9, 8D, ... ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[204] ADVAPI32.dll!CreateServiceW 77E07381 10 Bytes [ 68, 00, AF, 40, 60, E9, F5, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtCreateFile + 5 7C91D095 10 Bytes [ 68, 28, 30, 40, 60, E9, E1, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtCreateKey + 5 7C91D0D5 10 Bytes [ 68, 20, 7F, 41, 60, E9, A1, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtCreateSection + 5 7C91D165 10 Bytes [ 68, A0, 13, 41, 60, E9, 11, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtDeleteValueKey + 5 7C91D255 10 Bytes [ 68, 28, 3A, 42, 60, E9, 21, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtLoadDriver + 5 7C91D455 10 Bytes [ 68, 10, 82, 40, 60, E9, 21, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtMapViewOfSection + 5 7C91D505 10 Bytes [ 68, 80, 74, 41, 60, E9, 71, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtOpenFile + 5 7C91D585 10 Bytes [ 68, C0, 08, 41, 60, E9, F1, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtOpenKey + 5 7C91D5B5 10 Bytes [ 68, 90, 84, 41, 60, E9, C1, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtOpenProcess + 5 7C91D5E5 10 Bytes [ 68, A0, 69, 41, 60, E9, 91, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtQueueApcThread + 5 7C91D985 10 Bytes [ 68, 10, 6F, 41, 60, E9, F1, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtSetValueKey + 5 7C91DDB5 1 Byte [ 68 ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtSetValueKey + 7 7C91DDB7 8 Bytes JMP 6000C57D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!NtWriteFile + 5 7C91DF65 10 Bytes [ 68, 30, 0E, 41, 60, E9, 11, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!LdrLoadDll + 1 7C9263A4 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ntdll.dll!RtlCreateProcessParameters 7C932E79 10 Bytes [ 68, 50, C4, 40, 60, E9, FD, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 98, 3F, 42, 60, E9, 81, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 70, A1, 41, 60, E9, 22, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 00, 9C, 41, 60, E9, 84, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, C0, 5E, 41, 60, E9, 63, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 08, 3B, 40, 60, E9, 9F, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!SetEvent 7C80A0A7 2 Bytes [ 68, 58 ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!SetEvent + 3 7C80A0AA 7 Bytes JMP 6000C57E C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 60, 90, 40, 60, E9, 3D, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes CALL 65E0EEC2
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 98, 35, 40, 60, E9, 38, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 90, 99, 40, 60, E9, 2F, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 98, 8C, 41, 60, E9, 69, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, E0, A6, 41, 60, E9, AF, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 08, 7A, 40, 60, E9, 86, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 78, 4A, 42, 60, E9, 7C, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 78, 40, 40, 60, E9, 5C, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, C8, 5A, 42, 60, E9, 20, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, B0, B9, 40, 60, E9, 54, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 30, 64, 41, 60, E9, CD, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 80, F3, 40, 60, E9, 39, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, F0, F8, 40, 60, E9, EA, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes CALL 0070A538
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 10, EE, 40, 60, E9, 60, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] USER32.dll!GetMessageW 7E3991C6 10 Bytes [ 68, 50, D8, 40, 60, E9, B0, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] USER32.dll!PeekMessageW 7E39929B 10 Bytes [ 68, 30, E3, 40, 60, E9, DB, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] USER32.dll!GetMessageA 7E3A772B 10 Bytes [ 68, E0, D2, 40, 60, E9, 4B, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] USER32.dll!SetWindowsHookExW 7E3A820F 10 Bytes [ 68, 00, 49, 41, 60, E9, 67, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] USER32.dll!PeekMessageA 7E3AA340 10 Bytes [ 68, C0, DD, 40, 60, E9, 36, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] USER32.dll!SetWindowsHookExA 7E3B1211 10 Bytes [ 68, 70, 4E, 41, 60, E9, 65, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ADVAPI32.dll!RegQueryValueExW + 10C 77DA70FB 10 Bytes [ 68, 30, A4, 40, 60, E9, 7B, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ADVAPI32.dll!OpenServiceW 77DB6FDD 10 Bytes [ 68, A8, 1B, 41, 60, E9, 99, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ADVAPI32.dll!ControlService 77DC49DD 10 Bytes [ 68, 20, 29, 41, 60, E9, 99, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ADVAPI32.dll!OpenServiceA 77DC4C36 10 Bytes [ 68, 18, 21, 41, 60, E9, 40, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ADVAPI32.dll!ChangeServiceConfigA 77E06E41 10 Bytes [ 68, 00, 34, 41, 60, E9, 35, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ADVAPI32.dll!ChangeServiceConfigW 77E06FD9 10 Bytes [ 68, 90, 2E, 41, 60, E9, 9D, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ADVAPI32.dll!CreateServiceA 77E071E9 10 Bytes [ 68, A0, A9, 40, 60, E9, 8D, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ADVAPI32.dll!CreateServiceW 77E07381 10 Bytes [ 68, 10, AF, 40, 60, E9, F5, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ws2_32.dll!WEP + FFFEF156 719F1273 10 Bytes [ 68, A0, 94, 41, 60, E9, 03, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ws2_32.dll!connect 719F4A07 10 Bytes [ 68, C0, C1, 41, 60, E9, 6F, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ws2_32.dll!send 719F4C27 10 Bytes [ 68, 78, BB, 41, 60, E9, 4F, ... ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[264] ws2_32.dll!WSAStartup 719F6A55 10 Bytes [ 68, 50, 98, 41, 60, E9, 21, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtCreateFile + 5 7C91D095 10 Bytes [ 68, E0, 2E, 40, 60, E9, E1, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtCreateKey + 5 7C91D0D5 10 Bytes [ 68, D8, 7D, 41, 60, E9, A1, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtCreateSection + 5 7C91D165 10 Bytes [ 68, 58, 12, 41, 60, E9, 11, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtDeleteValueKey + 5 7C91D255 10 Bytes [ 68, E0, 38, 42, 60, E9, 21, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtLoadDriver + 5 7C91D455 10 Bytes [ 68, C8, 80, 40, 60, E9, 21, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtMapViewOfSection + 5 7C91D505 10 Bytes [ 68, 38, 73, 41, 60, E9, 71, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtOpenFile + 5 7C91D585 10 Bytes [ 68, 78, 07, 41, 60, E9, F1, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtOpenKey + 5 7C91D5B5 10 Bytes [ 68, 48, 83, 41, 60, E9, C1, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtOpenProcess + 5 7C91D5E5 10 Bytes [ 68, 58, 68, 41, 60, E9, 91, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtQueueApcThread + 5 7C91D985 10 Bytes [ 68, C8, 6D, 41, 60, E9, F1, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtSetValueKey + 5 7C91DDB5 10 Bytes [ 68, B8, 70, 40, 60, E9, C1, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!NtWriteFile + 5 7C91DF65 10 Bytes CALL 65F22076
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!LdrLoadDll + 1 7C9263A4 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\Explorer.EXE[720] ntdll.dll!RtlCreateProcessParameters 7C932E79 10 Bytes [ 68, 08, C3, 40, 60, E9, FD, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 50, 3E, 42, 60, E9, 81, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 28, A0, 41, 60, E9, 22, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, B8, 9A, 41, 60, E9, 84, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 78, 5D, 41, 60, E9, 63, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C0, 39, 40, 60, E9, 9F, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 10, 54, 42, 60, E9, CF, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 18, 8F, 40, 60, E9, 3D, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, A0, 4E, 42, 60, E9, 08, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 50, 34, 40, 60, E9, 38, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 48, 98, 40, 60, E9, 2F, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 50, 8B, 41, 60, E9, 69, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 98, A5, 41, 60, E9, AF, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, C0, 78, 40, 60, E9, 86, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CreateProcessInternalW + 2 7C81979E 8 Bytes JMP 6000C57D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 30, 49, 42, 60, E9, 7C, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 30, 3F, 40, 60, E9, 5C, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 80, 59, 42, 60, E9, 20, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 68, B8, 40, 60, E9, 54, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes CALL 65E67C10
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 38, F2, 40, 60, E9, 39, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, A8, F7, 40, 60, E9, EA, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 58, E7, 40, 60, E9, 83, ... ]
.text C:\WINDOWS\Explorer.EXE[720] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, C8, EC, 40, 60, E9, 60, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ADVAPI32.dll!RegQueryValueExW + 10C 77DA70FB 10 Bytes CALL 613AB1A2
.text C:\WINDOWS\Explorer.EXE[720] ADVAPI32.dll!OpenServiceW 77DB6FDD 10 Bytes [ 68, 60, 1A, 41, 60, E9, 99, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ADVAPI32.dll!ControlService 77DC49DD 10 Bytes [ 68, D8, 27, 41, 60, E9, 99, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ADVAPI32.dll!OpenServiceA 77DC4C36 10 Bytes [ 68, D0, 1F, 41, 60, E9, 40, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ADVAPI32.dll!ChangeServiceConfigA 77E06E41 10 Bytes [ 68, B8, 32, 41, 60, E9, 35, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ADVAPI32.dll!ChangeServiceConfigW 77E06FD9 10 Bytes [ 68, 48, 2D, 41, 60, E9, 9D, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ADVAPI32.dll!CreateServiceA 77E071E9 10 Bytes [ 68, 58, A8, 40, 60, E9, 8D, ... ]
.text C:\WINDOWS\Explorer.EXE[720] ADVAPI32.dll!CreateServiceW 77E07381 10 Bytes [ 68, C8, AD, 40, 60, E9, F5, ... ]
.text C:\WINDOWS\Explorer.EXE[720] USER32.dll!GetMessageW 7E3991C6 10 Bytes [ 68, 08, D7, 40, 60, E9, B0, ... ]
.text C:\WINDOWS\Explorer.EXE[720] USER32.dll!PeekMessageW 7E39929B 10 Bytes CALL 6799D381
.text C:\WINDOWS\Explorer.EXE[720] USER32.dll!GetMessageA 7E3A772B 10 Bytes [ 68, 98, D1, 40, 60, E9, 4B, ... ]
.text C:\WINDOWS\Explorer.EXE[720] USER32.dll!SetWindowsHookExW 7E3A820F 10 Bytes [ 68, B8, 47, 41, 60, E9, 67, ... ]
.text C:\WINDOWS\Explorer.EXE[720] USER32.dll!PeekMessageA 7E3AA340 10 Bytes [ 68, 78, DC, 40, 60, E9, 36, ... ]
.text C:\WINDOWS\Explorer.EXE[720] USER32.dll!SetWindowsHookExA 7E3B1211 10 Bytes [ 68, 28, 4D, 41, 60, E9, 65, ... ]
.text C:\WINDOWS\Explorer.EXE[720] WS2_32.dll!WEP + FFFEF156 719F1273 10 Bytes [ 68, 58, 93, 41, 60, E9, 03, ... ]
.text C:\WINDOWS\Explorer.EXE[720] WS2_32.dll!connect 719F4A07 10 Bytes [ 68, 78, C0, 41, 60, E9, 6F, ... ]
.text C:\WINDOWS\Explorer.EXE[720] WS2_32.dll!send 719F4C27 10 Bytes [ 68, 30, BA, 41, 60, E9, 4F, ... ]
.text C:\WINDOWS\Explorer.EXE[720] WS2_32.dll!WSAStartup 719F6A55 10 Bytes [ 68, 08, 97, 41, 60, E9, 21, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtCreateFile + 5 7C91D095 10 Bytes CALL 65F210C8
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtCreateKey + 5 7C91D0D5 10 Bytes [ 68, E0, 7D, 41, 60, E9, A1, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtCreateSection + 5 7C91D165 10 Bytes [ 68, 60, 12, 41, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtDeleteValueKey + 5 7C91D255 10 Bytes CALL 65F21492
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtLoadDriver + 5 7C91D455 10 Bytes [ 68, D0, 80, 40, 60, E9, 21, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtMapViewOfSection + 5 7C91D505 10 Bytes [ 68, 40, 73, 41, 60, E9, 71, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtOpenFile + 5 7C91D585 10 Bytes [ 68, 80, 07, 41, 60, E9, F1, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtOpenKey + 5 7C91D5B5 10 Bytes [ 68, 50, 83, 41, 60, E9, C1, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtOpenProcess + 5 7C91D5E5 10 Bytes [ 68, 60, 68, 41, 60, E9, 91, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtQueueApcThread + 5 7C91D985 10 Bytes [ 68, D0, 6D, 41, 60, E9, F1, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtSetValueKey + 5 7C91DDB5 10 Bytes [ 68, C0, 70, 40, 60, E9, C1, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!NtWriteFile + 5 7C91DF65 10 Bytes [ 68, F0, 0C, 41, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!LdrLoadDll + 1 7C9263A4 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ntdll.dll!RtlCreateProcessParameters 7C932E79 10 Bytes [ 68, 10, C3, 40, 60, E9, FD, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 58, 3E, 42, 60, E9, 81, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 30, A0, 41, 60, E9, 22, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, C0, 9A, 41, 60, E9, 84, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 80, 5D, 41, 60, E9, 63, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C8, 39, 40, 60, E9, 9F, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 18, 54, 42, 60, E9, CF, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 20, 8F, 40, 60, E9, 3D, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, A8, 4E, 42, 60, E9, 08, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 58, 34, 40, 60, E9, 38, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 50, 98, 40, 60, E9, 2F, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 58, 8B, 41, 60, E9, 69, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, A0, A5, 41, 60, E9, AF, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, C8, 78, 40, 60, E9, 86, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 38, 49, 42, 60, E9, 7C, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 38, 3F, 40, 60, E9, 5C, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 88, 59, 42, 60, E9, 20, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 70, B8, 40, 60, E9, 54, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, F0, 62, 41, 60, E9, CD, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 40, F2, 40, 60, E9, 39, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, B0, F7, 40, 60, E9, EA, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 60, E7, 40, 60, E9, 83, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, D0, EC, 40, 60, E9, 60, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] USER32.dll!GetMessageW 7E3991C6 10 Bytes [ 68, 10, D7, 40, 60, E9, B0, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] USER32.dll!PeekMessageW 7E39929B 10 Bytes [ 68, F0, E1, 40, 60, E9, DB, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] USER32.dll!GetMessageA 7E3A772B 10 Bytes [ 68, A0, D1, 40, 60, E9, 4B, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] USER32.dll!SetWindowsHookExW 7E3A820F 10 Bytes [ 68, C0, 47, 41, 60, E9, 67, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] USER32.dll!PeekMessageA 7E3AA340 10 Bytes [ 68, 80, DC, 40, 60, E9, 36, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] USER32.dll!SetWindowsHookExA 7E3B1211 10 Bytes [ 68, 30, 4D, 41, 60, E9, 65, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ADVAPI32.dll!RegQueryValueExW + 10C 77DA70FB 10 Bytes [ 68, F0, A2, 40, 60, E9, 7B, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ADVAPI32.dll!OpenServiceW 77DB6FDD 10 Bytes [ 68, 68, 1A, 41, 60, E9, 99, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ADVAPI32.dll!ControlService 77DC49DD 10 Bytes [ 68, E0, 27, 41, 60, E9, 99, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ADVAPI32.dll!OpenServiceA 77DC4C36 10 Bytes [ 68, D8, 1F, 41, 60, E9, 40, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ADVAPI32.dll!ChangeServiceConfigA 77E06E41 10 Bytes [ 68, C0, 32, 41, 60, E9, 35, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77E06FD9 10 Bytes [ 68, 50, 2D, 41, 60, E9, 9D, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ADVAPI32.dll!CreateServiceA 77E071E9 10 Bytes [ 68, 60, A8, 40, 60, E9, 8D, ... ]
.text C:\WINDOWS\system32\igfxsrvc.exe[740] ADVAPI32.dll!CreateServiceW 77E07381 10 Bytes [ 68, D0, AD, 40, 60, E9, F5, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtCreateFile + 5 7C91D095 10 Bytes [ 68, 28, 30, 40, 60, E9, E1, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtCreateKey + 5 7C91D0D5 10 Bytes [ 68, D0, 7E, 41, 60, E9, A1, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtCreateSection + 5 7C91D165 10 Bytes [ 68, 50, 13, 41, 60, E9, 11, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtDeleteValueKey + 5 7C91D255 10 Bytes [ 68, D8, 39, 42, 60, E9, 21, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtLoadDriver + 5 7C91D455 10 Bytes [ 68, 10, 82, 40, 60, E9, 21, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtMapViewOfSection + 5 7C91D505 10 Bytes [ 68, 30, 74, 41, 60, E9, 71, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtOpenFile + 5 7C91D585 10 Bytes [ 68, 70, 08, 41, 60, E9, F1, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtOpenKey + 5 7C91D5B5 10 Bytes [ 68, 40, 84, 41, 60, E9, C1, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtOpenProcess + 5 7C91D5E5 10 Bytes [ 68, 50, 69, 41, 60, E9, 91, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtQueueApcThread + 5 7C91D985 10 Bytes [ 68, C0, 6E, 41, 60, E9, F1, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtSetValueKey + 5 7C91DDB5 1 Byte [ 68 ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtSetValueKey + 7 7C91DDB7 8 Bytes JMP 6000C57D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!NtWriteFile + 5 7C91DF65 10 Bytes [ 68, E0, 0D, 41, 60, E9, 11, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!LdrLoadDll + 1 7C9263A4 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ntdll.dll!RtlCreateProcessParameters 7C932E79 10 Bytes [ 68, 40, C4, 40, 60, E9, FD, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 48, 3F, 42, 60, E9, 81, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 20, A1, 41, 60, E9, 22, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, B0, 9B, 41, 60, E9, 84, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 70, 5E, 41, 60, E9, 63, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 08, 3B, 40, 60, E9, 9F, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!SetEvent 7C80A0A7 2 Bytes [ 68, 08 ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!SetEvent + 3 7C80A0AA 7 Bytes JMP 6000C57E C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 60, 90, 40, 60, E9, 3D, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, 98, 4F, 42, 60, E9, 08, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 98, 35, 40, 60, E9, 38, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 80, 99, 40, 60, E9, 2F, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 48, 8C, 41, 60, E9, 69, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 90, A6, 41, 60, E9, AF, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 08, 7A, 40, 60, E9, 86, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 28, 4A, 42, 60, E9, 7C, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 78, 40, 40, 60, E9, 5C, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 78, 5A, 42, 60, E9, 20, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, A0, B9, 40, 60, E9, 54, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, E0, 63, 41, 60, E9, CD, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 30, F3, 40, 60, E9, 39, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, A0, F8, 40, 60, E9, EA, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes CALL 0070A538
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, C0, ED, 40, 60, E9, 60, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] USER32.dll!GetMessageW 7E3991C6 10 Bytes [ 68, 00, D8, 40, 60, E9, B0, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] USER32.dll!PeekMessageW 7E39929B 10 Bytes [ 68, E0, E2, 40, 60, E9, DB, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] USER32.dll!GetMessageA 7E3A772B 10 Bytes [ 68, 90, D2, 40, 60, E9, 4B, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] USER32.dll!SetWindowsHookExW 7E3A820F 10 Bytes [ 68, B0, 48, 41, 60, E9, 67, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] USER32.dll!PeekMessageA 7E3AA340 10 Bytes [ 68, 70, DD, 40, 60, E9, 36, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] USER32.dll!SetWindowsHookExA 7E3B1211 10 Bytes [ 68, 20, 4E, 41, 60, E9, 65, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ADVAPI32.dll!RegQueryValueExW + 10C 77DA70FB 10 Bytes [ 68, 20, A4, 40, 60, E9, 7B, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ADVAPI32.dll!OpenServiceW 77DB6FDD 10 Bytes [ 68, 58, 1B, 41, 60, E9, 99, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ADVAPI32.dll!ControlService 77DC49DD 10 Bytes [ 68, D0, 28, 41, 60, E9, 99, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ADVAPI32.dll!OpenServiceA 77DC4C36 10 Bytes [ 68, C8, 20, 41, 60, E9, 40, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ADVAPI32.dll!ChangeServiceConfigA 77E06E41 10 Bytes [ 68, B0, 33, 41, 60, E9, 35, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ADVAPI32.dll!ChangeServiceConfigW 77E06FD9 10 Bytes [ 68, 40, 2E, 41, 60, E9, 9D, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ADVAPI32.dll!CreateServiceA 77E071E9 10 Bytes [ 68, 90, A9, 40, 60, E9, 8D, ... ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[868] ADVAPI32.dll!CreateServiceW 77E07381 10 Bytes [ 68, 00, AF, 40, 60, E9, F5, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[880] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtCreateFile + 5 7C91D095 10 Bytes [ 68, 28, 30, 40, 60, E9, E1, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtCreateKey + 5 7C91D0D5 10 Bytes [ 68, D0, 7E, 41, 60, E9, A1, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtCreateSection + 5 7C91D165 10 Bytes [ 68, 50, 13, 41, 60, E9, 11, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtDeleteValueKey + 5 7C91D255 10 Bytes [ 68, D8, 39, 42, 60, E9, 21, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtLoadDriver + 5 7C91D455 10 Bytes [ 68, 10, 82, 40, 60, E9, 21, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtMapViewOfSection + 5 7C91D505 10 Bytes [ 68, 30, 74, 41, 60, E9, 71, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtOpenFile + 5 7C91D585 10 Bytes [ 68, 70, 08, 41, 60, E9, F1, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtOpenKey + 5 7C91D5B5 10 Bytes [ 68, 40, 84, 41, 60, E9, C1, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtOpenProcess + 5 7C91D5E5 10 Bytes [ 68, 50, 69, 41, 60, E9, 91, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtQueueApcThread + 5 7C91D985 10 Bytes [ 68, C0, 6E, 41, 60, E9, F1, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtSetValueKey + 5 7C91DDB5 1 Byte [ 68 ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtSetValueKey + 7 7C91DDB7 8 Bytes JMP 6000C57D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!NtWriteFile + 5 7C91DF65 10 Bytes [ 68, E0, 0D, 41, 60, E9, 11, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!LdrLoadDll + 1 7C9263A4 9 Bytes JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_7\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] ntdll.dll!RtlCreateProcessParameters 7C932E79 10 Bytes [ 68, 40, C4, 40, 60, E9, FD, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 48, 3F, 42, 60, E9, 81, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 20, A1, 41, 60, E9, 22, ... ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[944]

Réponse 6 / 6

KasDef32
25 janv. 2009 à 09:12

il n'y a rien de suspect dans le rapport.si tu as encore des détections par Bitdefender poste son rapport.

Trojan generic multiples

6 réponses

Discussions similaires