Infected PC

benj.garcia Posts: 65 Status: Member -
 Anonymous user -
Hello,

I picked up a laptop and it is extremely slow; I think it is badly infected.

Please help me...!!!

46 replies

benj.garcia Posts: 65 Status: Member

Hello,

Here is the FindyKill report:

############################## [ FindyKill V4.729 ]

# User : windows xp (Administrateurs) # ACER-1916361FFD
# Update on 19/05/09 by Chiquitine29
# Start at: 08:37:06 | 22/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Mobile AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

# C:\ # Disque fixe local # 17,46 Go (4,21 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 17,63 Go (14,98 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux ]

################## [ Infected Temp Files ]

################## [ Registre / Clés infectieuses ]

################## [ Recherche dans supports amovibles]

################## [ Registre / Mountpoints2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.729 ! ]
Anonymous user

• Download to the desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
• Double-click the SDFix.EXE file and follow the prompts to install it.
• The program installs into the C:\SDFix folder.
• It is essential to run the SDFix cleanup in Safe Mode.
• Restart in Safe Mode (startup may take several minutes).
• Note: there is no Internet access in this mode. Save or print these instructions.
• Restart the PC and tap the F8 key (or F5 on some machines) until the screen with the boot options appears.
• Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name.
• Once in Safe Mode, click the Start menu, then Run, and paste the following command: C:\SDFix\RunThis.bat
• Type Y and press the Enter key to start the cleanup!
• SDFix will carry out the cleanup; be patient, it can take around thirty minutes.
• A window indicates that SDFix must restart the computer to finish the cleanup.
• Press any key to restart the PC.
• When the PC restarts, SDFix indicates that the cleanup is finished.
• Press any key to open the report created by SDFix.
• It can be saved if needed, for example if you are asked to post it on a forum (Edit menu / Save As). In any case it will still be saved in the following file: Report.txt in the SDFix folder (e.g. C:\SDFix\Report.txt).
• Tutorial: https://www.malekal.com/slenfbot-still-an-other-irc-bot/
benj.garcia Posts: 65 Status: Member

Hello,

Here is the SDFix report; sorry I could not post it earlier...

[b]SDFix: Version 1.240 [/b]
Run by windows xp on 01/06/2009 at 17:03

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 17:09:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Sat 24 Nov 2007 199,966 A.SH. --- "C:\WINDOWS\system32\ayadd.tmp"
Wed 1 Jan 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Thu 2 Dec 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 2 Dec 2004 1,024 ...HR --- "C:\WINDOWS\system32\ntiembed.dll"
Fri 23 Nov 2007 207,834 ..SH. --- "C:\WINDOWS\system32\ayadd.bak2"
Sun 5 Dec 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 May 2009 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti18.tmp"
Mon 27 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 13 May 2006 2,104,224 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\020d707bac435f3aaf9795e281e492d1\BIT12.tmp"

[b]Finished![/b]

What should I do next?
Thanks again!
Anonymous user

Good evening

• Download: http://images.malwareremoval.com/random/RSIT.exe

/!\ Important (on Vista) /!\

You must run RSIT with administrator rights; to do so, right-click RSIT and choose "Run as administrator".
• Double-click RSIT.exe to launch the tool.
• Click 'Continue' on the Disclaimer screen.
• If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
• Once the scan has finished, 2 reports will appear. Post the contents of both reports.
(C:\RSIT\log.txt and C:\RSIT\info.txt)
• CTRL A to select all, CTRL C to copy, then CTRL V to paste.
• Tutorial: https://www.androidworld.fr/
benj.garcia Posts: 65 Status: Member

LOG file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by windows xp at 2009-06-02 09:59:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (25%) free of 18 GB
Total RAM: 447 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:59:42, on 02/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\windows xp\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\windows xp.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5019b3d965544fa18c2e704a8850158f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5019b3d965544fa18c2e704a8850158f
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101998390555
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploader4.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0064596.dat
O20 - Winlogon Notify: gebywwx - gebywwx.dll (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
benj.garcia Posts: 65 Status: Member
 
info.txt logfile of random's system information tool 1.06 2009-06-02 09:59:45

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}
Agere Systems AC'97 Modem-->agrsmdel
Arcade 3.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
FindyKill-->C:\FindyKill\Uninstal.exe
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Launch Manager V1.0.7.6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe" -l0x40c
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E916E61F-DE9D-4EAF-91E1-CEB50016326A}
NTI Backup NOW! 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1036 BUNText
NTI CD & DVD-Maker 6.7 Update-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09A6FCEC-83D1-4C92-9F19-AC4828EA1884} /l1036 UpdateText
NTI CD & DVD-Maker Gold -->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1036 AnyText
OLYMPUS Master 2-->MsiExec.exe /X{CB49B376-1136-44B4-83FA-036334B59937}
OLYMPUS muvee theaterPack-->MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Photo Service Edition-->"C:\Program Files\Photo Service Edition\unins000.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
S3 S3TrayPlus-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'
ShopperReports-->C:\Program Files\ShopperReports\Uninst.exe
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UniChrome Pro IGP Display Driver and Utilities-->C:\PROGRA~1\S3Inc\S3\s3setvga.exe -s -fC:\PROGRA~1\S3Inc\S3\S3.uns
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
VIA Rhine Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex Rhine
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan Enterprise

======System event log======

Computer Name: ACER-1916361FFD
Event Code: 26
Message: Application popup :  : Machine Check: Regs

Record Number: 21540
Source Name: Application Popup
Time Written: 20090112164933.000000+060
Event Type: Informations
User:

Computer Name: ACER-1916361FFD
Event Code: 26
Message: Application popup :  : Machine Check:

Record Number: 21539
Source Name: Application Popup
Time Written: 20090112164933.000000+060
Event Type: Informations
User:

Computer Name: ACER-1916361FFD
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service Fax.

Record Number: 21538
Source Name: Service Control Manager
Time Written: 20090112164931.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ACER-1916361FFD
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 21537
Source Name: EventLog
Time Written: 20090112164908.000000+060
Event Type: Informations
User:

Computer Name: ACER-1916361FFD
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 21536
Source Name: EventLog
Time Written: 20090112164908.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: ACER-1916361FFD
Event Code: 257
Message: Le module d'analyse n'a pas pu analyser le fichier protégé par mot de passe C:\Documents and Settings\windows xp\Local Settings\Temporary Internet Files\Content.IE5\K563ST2Z\InboxLight[4].aspx\InboxLight[4]. Version du moteur d'analyse : 5200.2160 ; version du fichier DAT : 5205.0000.

Record Number: 3833
Source Name: McLogEvent
Time Written: 20080118181526.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ACER-1916361FFD
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 3832
Source Name: SecurityCenter
Time Written: 20080118181228.000000+060
Event Type: Informations
User:

Computer Name: ACER-1916361FFD
Event Code: 5000
Message: Service McShield démarré.

Version du moteur : 5200.2160

Version du fichier DAT : 5205.0000

Nombre de signatures dans le fichier EXTRA.DAT : Aucun

Nom des menaces pouvant être détectées par EXTRA.DAT : Aucun

Record Number: 3831
Source Name: McLogEvent
Time Written: 20080118181222.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ACER-1916361FFD
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur ACER-1916361FFD\windows xp alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.

Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 3830
Source Name: Userenv
Time Written: 20080115211911.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: ACER-1916361FFD
Event Code: 257
Message: Le module d'analyse n'a pas pu analyser le fichier protégé par mot de passe C:\Documents and Settings\windows xp\Local Settings\Temporary Internet Files\Content.IE5\KNLNQUJ1\lab-6[1]\lab-6[1]. Version du moteur d'analyse : 5200.2160 ; version du fichier DAT : 5205.0000.

Record Number: 3829
Source Name: McLogEvent
Time Written: 20080115211608.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 8 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0802
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
0
Anonymous user

Good evening

Since last time you have gotten seriously infected. In future, learn to browse clean sites.
No. 1
Download Usbfix.exe (by Chiquitine29 and C_XX) to your Desktop
• Run the installation with the default settings
• Plug your external storage devices into your PC (USB stick, external hard drive, MP3 player, etc.) without opening them
• Double-click the UsbFix shortcut on your Desktop
• In the main menu, choose option 1 (search)
• A USBFix.txt report will appear at the end; please post it in your next reply.
(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm)

No. 2
Download GMER:

open this link http://www.gmer.net#files

click on download EXE and save the file to your Desktop.

run it by double-clicking the file that was created

choose the "Rootkit" tab and check that all the items on the right are ticked.

click "SCAN"

click "SAVE" and save it to the Desktop as "gmertest.txt"

Double-click "gmertest.txt"; the file opens in Notepad.

Copy the contents and paste them into your reply.
0
benj.garcia Posts 65 Status Member

Hi,

The 1st report:

############################## [ UsbFix V3.028 | Scan ]

# User : windows xp (Administrateurs) # ACER-1916361FFD
# Update on 02/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:05:51 | 03/06/2009

# Mobile AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

# C:\ # Disque fixe local # 17,46 Go (4,29 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 17,63 Go (14,98 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 143,59 Mo (87,25 Mo free) [PKBACK# 001] # FAT

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="windows xp"
HKLM_logon: "AltDefaultUserName"="windows xp"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: preload=C:\Windows\RUNXMLPL.exe
HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: LaunchAp=C:\Program Files\Launch Manager\LaunchAp.exe
HKLM_Run: PowerKey="C:\Program Files\Launch Manager\PowerKey.exe"
HKLM_Run: LManager=C:\Program Files\Launch Manager\HotkeyApp.exe
HKLM_Run: CtrlVol=C:\Program Files\Launch Manager\CtrlVol.exe
HKLM_Run: LMgrOSD=C:\Program Files\Launch Manager\OSDCtrl.exe
HKLM_Run: Wbutton="C:\Program Files\Launch Manager\Wbutton.exe"
HKLM_Run: VTTrayp=VTtrayp.exe
HKLM_Run: VTTimer=VTTimer.exe
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: AGRSMMSG=AGRSMMSG.exe
HKLM_Run: LtMoh=C:\Program Files\ltmoh\Ltmoh.exe
HKLM_Run: PCMService="C:\Program Files\Arcade\PCMService.exe"
HKLM_Run: AudioDeck=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
HKLM_Run: ShStatEXE="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
HKLM_Run: McAfeeUpdaterUI="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: OM2_Monitor="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\tmp.reg

################## [ Registre # Clés Run infectieuses ]

################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\{0fcade4e-2846-11de-ad77-000e9b78e1ae}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{5cf16212-065d-11dd-acfc-000e9b78e1ae}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{5cf16212-065d-11dd-acfc-000e9b78e1ae}\Shell\AutoRun\Command

################## [ ! Fin du rapport # UsbFix V3.028 ! ]
0
benj.garcia Posts 65 Status Member

Sorry, but I can't manage to post the 2nd report?
Is that normal?
0
Anonymous user

Good evening

If the report is too long, you have to post it in several parts. If you can't manage it, just tell me whether GMER detected any rootkits and whether it removed them.
No. 1
• Plug the external storage devices into the PC (USB stick, external hard drive, SD card, etc.) without opening them.
• Double-click the UsbFix shortcut on the Desktop.

• Choose option 2 (removal).
• The Desktop will disappear and the PC will restart.
• On restart, UsbFix will scan the PC; let the tool work.
• Then post the UsbFix.txt report, which will appear along with the Desktop, if you have created a topic.

Note:
The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
--------------------------------------------------------------------------------------------------------------------
No. 2
/!\ Attention, anyone passing through this thread /!\
The following software is not to be used lightly and can cause damage if misused! Only use it if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept.
• Don't touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

Official ComboFix tutorial: http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-----------------------------------------------------------------------------------------------------------------------
No. 3
Post a new RSIT report.

0
benj.garcia Posts 65 Status Member

Part 1:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-03 18:17:35
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEC22957B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEC2294FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEC2295A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEC22950F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEC22953B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEC2295CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEC2294E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEC22958F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEC229525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEC229551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEC229567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEC2295E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEC2295B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP EC2295BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP EC22957F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP EC2295D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP EC2295E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP EC229593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP EC2295A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP EC22956B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 806188B6 7 Bytes JMP EC229555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80619D52 7 Bytes JMP EC229529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061A330 5 Bytes JMP EC2294FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061A7C0 7 Bytes JMP EC229513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061A990 7 Bytes JMP EC22953F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061B702 5 Bytes JMP EC2294EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC0051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F66
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0F77
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0F4B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0087
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0F0B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC0F26
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DC00BF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DC0F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DC0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DC006C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DC0025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DC0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DC00AE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 006C0022
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 006C0069
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 006C0011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 006C0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 006C0058
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 006C0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 006C0FB6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [8F, 88]
0
benj.garcia Posts 65 Status Member

Part 2:

.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 006C0033
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 006A0044
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] msvcrt.dll!system 77BF93C7 5 Bytes JMP 006A0FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 006A0029
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] msvcrt.dll!_open 77BFF566 5 Bytes JMP 006A0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 006A0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 006A000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[204] WS2_32.dll!socket 719F4211 5 Bytes JMP 00690FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250080
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00250F8B
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0025006F
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00250FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00250F69
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00250F7A
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002500E7
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002500D6
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00250F33
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00250FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0025000A
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002500A5
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00250040
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0025001B
.text C:\Program Files\Internet Explorer\iexplore.exe[296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00250F58
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00340025
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00340F72
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00340FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00340FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00340F83
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 0034000A
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00340F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [57, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00340FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 4437F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 44511777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 445116F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4451173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 44511684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 445116BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 445117B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 443A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[296] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 0035003D
.text C:\Program Files\Internet Explorer\iexplore.exe[296] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00350FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[296] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00350FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[296] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[296] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00350FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[296] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0035000C
.text C:\Program Files\Internet Explorer\iexplore.exe[296] WININET.dll!InternetOpenA 4409C865 5 Bytes JMP 01C40000
.text C:\Program Files\Internet Explorer\iexplore.exe[296] WININET.dll!InternetOpenW 4409CE99 5 Bytes JMP 01C40FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[296] WININET.dll!InternetOpenUrlA 440A0BCA 5 Bytes JMP 01C4001B
.text C:\Program Files\Internet Explorer\iexplore.exe[296] WININET.dll!InternetOpenUrlW 440EAF69 5 Bytes JMP 01C40FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[296] ws2_32.dll!socket 719F4211 5 Bytes JMP 02BA0FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006B000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006B00DA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006B00BF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006B00A4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006B0087
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006B006C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006B0112
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006B00F5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006B0FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006B0152
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006B0163
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!LoadLibraryW 7C80AEEB 1 Byte [E9]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006B0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006B0025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006B0FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[376] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006B0051
0
benj.garcia Posts: 65 Status: Member
 
Part 3:

0
benj.garcia Posts: 65 Status: Member
 
Fourth and final part:

.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExW + 4 77DA6AB3 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExW 77DA776C 3 Bytes JMP 00660F97
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExW + 4 77DA7770 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExA 77DA7852 3 Bytes JMP 00660FDE
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExA + 4 77DA7856 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyW 77DA7946 3 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyW + 4 77DA794A 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 3 Bytes JMP 00660FA8
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExA + 4 77DAE9F8 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 3 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyA + 4 77DAEFCC 1 Byte [88]
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 0066004A
.text C:\WINDOWS\system32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00660FC3
.text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00650038
.text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!system 77BF93C7 5 Bytes JMP 0065001D
.text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00650FB7
.text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 0065000C
.text C:\WINDOWS\system32\svchost.exe[2020] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00650FD2
.text C:\WINDOWS\system32\svchost.exe[2020] WININET.dll!InternetOpenA 4409C865 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[2020] WININET.dll!InternetOpenW 4409CE99 5 Bytes JMP 00630011
.text C:\WINDOWS\system32\svchost.exe[2020] WININET.dll!InternetOpenUrlA 440A0BCA 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[2020] WININET.dll!InternetOpenUrlW 440EAF69 5 Bytes JMP 0063002C
.text C:\WINDOWS\system32\svchost.exe[2020] WS2_32.dll!socket 719F4211 5 Bytes JMP 0064000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
0
benj.garcia Posts: 65 Status: Member
 
############################## [ UsbFix V3.028 | Cleaning ]

# User : windows xp (Administrateurs) # ACER-1916361FFD
# Update on 02/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 10:44:33 | 08/06/2009

# Mobile AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

# C:\ # Disque fixe local # 17,46 Go (4,3 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 17,63 Go (14,98 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque amovible # 143,59 Mo (87,25 Mo free) [PKBACK# 001] # FAT

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\WINDOWS\system32\tmp.reg

################## [ Registre # Clés Run infectieuses ]

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\...\Explorer\MountPoints2\{0fcade4e-2846-11de-ad77-000e9b78e1ae}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{5cf16212-065d-11dd-acfc-000e9b78e1ae}\Shell\Auto\Command

################## [ Listing des fichiers présent ]

[13/09/2004 19:07|---hs----|512] - C:\BOOTSECT.DOS
[05/08/2004 05:00|-rahs----|4952] - C:\Bootfont.bin
[10/05/2009 11:09|-rahs----|252240] - C:\ntldr
[05/08/2004 05:00|-rahs----|47564] - C:\NTDETECT.COM
[02/12/2004 21:38|-rahs----|196] - C:\BOOT.INI
[18/09/2004 14:36|-rahs----|69] - C:\PRELOAD.AAA
[01/01/2003 22:06|--a------|171] - C:\iv5setup.log
[18/09/2004 14:36|-rahs----|69] - C:\PRELOAD.REV
[12/10/2004 20:58|--a------|846] - C:\PATCH.REV
[10/01/2009 11:25|--ah-----|268] - C:\sqmdata05.sqm
[02/01/2009 15:34|--ah-----|244] - C:\sqmnoopt03.sqm
[02/12/2004 15:39|-rahs----|0] - C:\MSDOS.SYS
[02/12/2004 15:39|-rahs----|0] - C:\IO.SYS
[?|?|?] - C:\hiberfil.sys
[02/01/2009 15:34|--ah-----|268] - C:\sqmdata03.sqm
[04/01/2009 18:47|--ah-----|244] - C:\sqmnoopt04.sqm
[04/01/2009 18:47|--ah-----|268] - C:\sqmdata04.sqm
[10/01/2009 11:25|--ah-----|244] - C:\sqmnoopt05.sqm
[15/01/2009 17:57|--ah-----|244] - C:\sqmnoopt06.sqm
[15/01/2009 17:57|--ah-----|268] - C:\sqmdata06.sqm
[18/01/2009 15:11|--ah-----|244] - C:\sqmnoopt07.sqm
[18/01/2009 15:11|--ah-----|268] - C:\sqmdata07.sqm
[29/01/2009 15:30|--ah-----|268] - C:\sqmdata09.sqm
[22/01/2009 14:43|--ah-----|244] - C:\sqmnoopt08.sqm
[22/01/2009 14:43|--ah-----|268] - C:\sqmdata08.sqm
[29/01/2009 15:30|--ah-----|244] - C:\sqmnoopt09.sqm
[19/02/2009 19:17|--ah-----|244] - C:\sqmnoopt10.sqm
[19/02/2009 19:17|--ah-----|268] - C:\sqmdata10.sqm
[22/02/2009 15:33|--ah-----|244] - C:\sqmnoopt11.sqm
[22/02/2009 15:33|--ah-----|268] - C:\sqmdata11.sqm
[01/03/2009 15:50|--ah-----|244] - C:\sqmnoopt12.sqm
[01/03/2009 15:50|--ah-----|268] - C:\sqmdata12.sqm
[02/03/2009 19:10|--ah-----|244] - C:\sqmnoopt13.sqm
[02/03/2009 19:10|--ah-----|268] - C:\sqmdata13.sqm
[19/03/2009 17:01|--ah-----|244] - C:\sqmnoopt14.sqm
[19/03/2009 17:01|--ah-----|268] - C:\sqmdata14.sqm
[28/03/2009 13:06|--ah-----|244] - C:\sqmnoopt15.sqm
[28/03/2009 13:06|--ah-----|268] - C:\sqmdata15.sqm
[12/04/2009 11:45|--ah-----|268] - C:\sqmdata16.sqm
[02/12/2004 18:21|--a------|6] - C:\ISACER.ID
[12/04/2009 11:45|--ah-----|244] - C:\sqmnoopt16.sqm
[13/04/2009 18:07|--ah-----|244] - C:\sqmnoopt17.sqm
[13/04/2009 18:07|--ah-----|268] - C:\sqmdata17.sqm
[13/04/2009 18:49|--ah-----|244] - C:\sqmnoopt18.sqm
[13/04/2009 18:49|--ah-----|268] - C:\sqmdata18.sqm
[23/04/2009 17:48|--ah-----|244] - C:\sqmnoopt19.sqm
[23/04/2009 17:48|--ah-----|232] - C:\sqmdata19.sqm
[?|?|?] - C:\pagefile.sys
[06/05/2009 18:46|--a------|2514] - C:\TB.txt
[13/05/2009 17:18|--a------|2336] - C:\rapport.txt
[16/05/2009 11:27|--a------|2995] - C:\Rooter.txt
[22/05/2009 08:37|--a------|3048] - C:\FindyKill.txt
[08/06/2009 10:46|--a------|4944] - C:\UsbFix.txt
[16/09/2005 23:14|--a------|187] - C:\Raccourci vers ACERDATA (D).lnk
[04/05/2009 18:05|--ah-----|244] - C:\sqmnoopt00.sqm
[04/05/2009 18:05|--ah-----|232] - C:\sqmdata00.sqm
[10/05/2009 19:05|--ah-----|244] - C:\sqmnoopt01.sqm
[10/05/2009 19:05|--ah-----|232] - C:\sqmdata01.sqm
[27/12/2008 11:53|--ah-----|244] - C:\sqmnoopt02.sqm
[27/12/2008 11:53|--ah-----|268] - C:\sqmdata02.sqm
[26/12/2004 11:28|--a------|734427136] - D:\les deux tours cd1.avi
[21/02/2005 18:45|--ahs----|3584] - D:\Thumbs.db
[02/04/2009 13:59|--a------|57601752] - F:\compta_expert_515.exe
[10/09/2004 19:34|--a------|778240] - F:\minilock-w32-x86-23633.exe

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.028 ! ]
0
benj.garcia Posts: 65 Status: Member
 
ComboFix report:

ComboFix 09-06-07.05 - windows xp 08/06/2009 11:01.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.163 [GMT 2:00]
Lancé depuis: c:\documents and settings\windows xp\Bureau\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ayadd.bak2
c:\windows\system32\ayadd.tmp
c:\windows\system32\bvgousgw.ini
c:\windows\system32\eaukxaes.ini
c:\windows\system32\ffntuxbr.ini
c:\windows\system32\idxvycts.ini
c:\windows\system32\isxmoetp.ini
c:\windows\system32\ivrceeib.ini
c:\windows\system32\kcvevicj.ini
c:\windows\system32\kvkogywq.ini
c:\windows\system32\mbqhcbft.ini
c:\windows\system32\qdbbghpd.ini
c:\windows\system32\rurxgaop.ini
c:\windows\system32\stera.log
c:\windows\system32\thnnteel.ini
c:\windows\system32\unneepku.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_vspf
-------\Service_vspf_hk

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-08 au 2009-06-08 ))))))))))))))))))))))))))))))))))))
.

2009-06-03 16:05 . 2009-06-03 16:05 -------- d-----w- C:\UsbFix
2009-06-01 15:02 . 2009-06-01 15:02 579584 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-06-01 15:01 . 2009-06-01 15:01 -------- d-----w- c:\windows\ERUNT
2009-06-01 14:55 . 2008-11-06 00:03 -------- d-----w- C:\SDFix
2009-05-22 06:34 . 2009-05-22 06:34 -------- d-----w- C:\FindyKill
2009-05-16 09:26 . 2009-05-16 09:26 -------- d-----w- C:\Rooter$
2009-05-14 16:18 . 2009-05-14 16:18 -------- d-----w- C:\rsit
2009-05-13 15:27 . 2009-05-13 15:27 -------- d-----w- c:\documents and settings\windows xp\Application Data\Malwarebytes
2009-05-13 15:27 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-13 15:27 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 15:27 . 2009-05-13 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-13 15:27 . 2009-05-13 15:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 13:23 . 2009-05-10 13:23 -------- d-sh--w- C:\FOUND.002
2009-05-10 09:15 . 2009-05-10 09:15 -------- d-----w- c:\windows\system32\fr
2009-05-10 09:15 . 2009-05-10 09:15 -------- d-----w- c:\windows\l2schemas
2009-05-10 09:15 . 2009-05-10 09:15 -------- d-----w- c:\windows\system32\bits
2009-05-10 09:13 . 2009-05-10 09:13 -------- d-----w- c:\windows\ServicePackFiles
2009-05-10 08:55 . 2009-05-10 08:55 -------- d-----w- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 10:18 . 1979-12-31 22:00 74328 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-10 10:18 . 1979-12-31 22:00 466680 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-10 09:19 . 2004-09-13 17:25 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-27 16:59 . 2004-12-02 19:38 63760 ----a-w- c:\documents and settings\windows xp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 15:59 . 2009-04-27 15:59 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:18 . 2009-04-27 15:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-26 13:04 . 2009-04-26 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-26 12:50 . 2009-04-26 12:50 152576 ----a-w- c:\documents and settings\windows xp\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-26 12:48 . 2009-04-13 16:23 1 ----a-w- c:\documents and settings\windows xp\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-04-13 16:22 . 2009-04-13 16:22 -------- d-----w- c:\documents and settings\windows xp\Application Data\OpenOffice.org
2009-04-13 16:19 . 2009-04-13 16:19 -------- d-----w- c:\program files\JRE
2009-04-13 16:19 . 2009-04-13 16:19 -------- d-----w- c:\program files\OpenOffice.org 3
2009-03-30 15:07 . 2009-03-30 15:07 152576 ----a-w- c:\documents and settings\windows xp\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-08-06 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2004-07-15 49152]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-09-08 245760]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2004-08-13 73728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4141056]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2002-11-25 172032]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2004-08-27 81920]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2004-06-22 143360]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-09-01 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-07-25 88363]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [16/09/2004 17:09 140288]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [01/01/2003 21:59 2343]
S1 mailKmd;mailKmd; [x]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [01/10/2005 13:53 21344]
.
Contenu du dossier 'Tâches planifiées'

2009-06-08 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-nwiz - nwiz.exe
HKU-Default-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE
Notify-gebywwx - gebywwx.dll
SafeBoot-procexp90.Sys

.
------- Examen supplémentaire -------
.
mWindow Title =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5019b3d965544fa18c2e704a8850158f
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5019b3d965544fa18c2e704a8850158f
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 11:05
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3028)
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\MCAFEE\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE
c:\program files\MCAFEE\VIRUSSCAN ENTERPRISE\VSTSKMGR.EXE
c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\MCAFEE\COMMON FRAMEWORK\NAPRDMGR.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\program files\MCAFEE\COMMON FRAMEWORK\MCTRAY.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\program files\MCAFEE\VIRUSSCAN ENTERPRISE\MCSHIELD.EXE
.
**************************************************************************
.
Heure de fin: 2009-06-08 11:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-08 09:08

Avant-CF: 4 558 798 848 octets libres
Après-CF: 4 467 900 416 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

182 --- E O F --- 2009-05-13 18:13
0
benj.garcia Posts: 65 Status: Member
 
RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by windows xp at 2009-06-08 11:12:19
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (24%) free of 18 GB
Total RAM: 447 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:40, on 08/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\windows xp\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\windows xp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5019b3d965544fa18c2e704a8850158f
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5019b3d965544fa18c2e704a8850158f
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101998390555
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/aurigma/ImageUploader4.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploader4.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Anonymous user
 
Hello

• Download OTMoveIt3 by right-clicking the link below:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
• Copy this text in bold
:processes

Explorer.exe

:services
mailKmd

:files
C:\WINDOWS\system32\drivers\mailKmd.sys

:Commands
[emptytemp]

[start explorer]

[Reboot]


• Double-clic sur OTMoveIt.exe
• Dans le cadre de Gauche « Paste Instructions for Items to be Moved » ==> clic-droit ==> coller
• Clic « MoveIt! »
• si redémarrage demandé==> Clic : « YES »
• Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller dans la réponse (format du type => mmjjaaaa_hhmmss.log)
---------------------------------------------------------------------------------------------------------------------------
Download MSNFix
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N
- Save this report, then copy/paste it into the forum.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting normally.
------------------------------------------------------------------------------------------------------------------------
How is your PC behaving?

0
benj.garcia Posts 65 Status Member
 
Hi,

I can't launch OTMoveIt; when I double-click it I get a message:
"le processeur NTVDM a rencontré une instruction non autorisée.
CS:0fc4 IP:0208 OP:63 61 22 20 73 Choisissez 'fermer' pour mettre fin à l'application"

What should I do?
0
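Added example, not part of the thread: the OP bytes in the NTVDM message quoted in the post above (63 61 22 20 73) decode to printable ASCII, which is consistent with a download that is not a real Windows executable (an assumption about this case; the thread does not confirm it). The function names and sample bytes below are constructed for illustration; the check classifies a downloaded file by its header before it is run.

```python
import struct

def classify_download(data: bytes) -> str:
    """Classify a file that is supposed to be a Windows .exe by its header."""
    if data[:2] != b"MZ":
        # No DOS header: not a Windows program at all. A web page saved
        # under an .exe name is a common cause.
        head = data[:256].lstrip().lower()
        if head.startswith((b"<!doctype", b"<html", b"<?xml")):
            return "html-or-xml"
        return "not-executable"
    if len(data) < 0x40:
        return "truncated"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 4 > len(data):
        return "truncated"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "dos-only"  # MZ stub without a PE signature
    return "pe"

def opcode_bytes_as_text(op_field: str) -> str:
    """Decode the hex bytes after 'OP:' in an NTVDM dialog as ASCII."""
    raw = bytes.fromhex(op_field.replace(" ", ""))
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)

def fake_header(signature: bytes) -> bytes:
    """Constructed sample: 64-byte DOS header followed by a 4-byte signature."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # PE header right after
    return bytes(header) + signature

# Constructed inputs, not files from the thread.
SAMPLE_PE = fake_header(b"PE\0\0")
SAMPLE_DOS = fake_header(b"\0\0\0\0")
SAMPLE_HTML = b"<!DOCTYPE html><html><body>File not found</body></html>"

if __name__ == "__main__":
    for name, blob in [("pe", SAMPLE_PE), ("dos", SAMPLE_DOS), ("html", SAMPLE_HTML)]:
        print(name, "->", classify_download(blob))
    # Bytes copied from the error message in the post above.
    print(repr(opcode_bytes_as_text("63 61 22 20 73")))
```

A result other than "pe" means the file should be downloaded again rather than run.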
Anonymous user
 
Good evening

Run the anti-spyware and eliminate all the nasties it finds for you. Then run OTMoveIt3 again.
• Download: https://www.superantispyware.com/
• Choose "save" and save it to your desktop.
• Double-click the installer icon that has just been created and follow the instructions.
• Create an icon on the desktop.
• Double-click the SAS icon (a head in a crossed-out red circle) to launch it.
• If the tool asks you to update the program ("update the program definitions"), click yes.
• Under Configuration and Preferences, click the "Preferences" button
• Click the "Scanning Control" tab
• Under "Scanner Options", make sure the box in front of the following lines is checked:
• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
• Leave the other lines unchecked.
• Click the "Close" button to leave the control center screen.
• In the main window, under "Scan for Harmful Software", click "Scan your computer".
• In the left column, check C:\Fixed Drive.
• In the right column, under "Complete scan", click "Perform Complete Scan"
• Click "next" to start the scan. Wait while the scan runs.
• At the end of the scan, a results window opens. Click OK.
• Make sure all the lines in the white window are checked and click "Next".
• Everything that was found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.
• To copy the information to the forum, do this:
• After the computer restarts, double-click the icon to launch SAS.
• Click "Preferences" then the "Statistics/Logs" tab.
• Under "scanners logs", double-click SUPERAntiSpyware Scan Log.
• The report will open in your default text editor.
• Copy its contents into your reply.
• Have a good look at the SUPERAntiSpyware tutorial, it is very well explained.
https://www.malekal.com/?s=SUPERAntiSpyware

0