Sujet Précédent Sujet Suivant

Infécté, Par Un Virus Indétéctable !!!

Résolu/Fermé
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010 - 8 déc. 2009 à 05:52
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010 - 16 juin 2010 à 13:14
Bonjour,
En allumant mon pc,
* 1, j'ai eu la surprise de trouver, une belle info-bulle m'indiquant un danger, avec fenetre pop-pup qui s'ouvrait tout les 10sec au milieu de l'ecran pour acheter windows security center.
aprés quelque recherche j'ai pu régler ce probleme avec smitfraudfix. Mais....

*2, mon antivirus été désactivé, impossible de le réactivé manuellement, je l'ai désinstalé remis rien n'y fait.

*3, j'ai téléchargé, combofix, Antivir, Malwarebytes sur mon bureau meme en changeant le nom impossible de les installé "petit sablier puis pu rien", j'ai reussi a instalé spyware terminator ouf un qui marche mé qui na rien trouvé non plus et hijackthis et dds qui eux ont été instalé pénard et fonctionne

*4 De sur croi le pc ce mais a freezer, je doi rebooté souvent si c pas reboot sur reboot , j'ai fait d scan en ligne avec panda et autre rien trouvé, et tout ca a été aussi tésté en mode sans echec bien sur.
, Virus intéligent lol alors avec tout ces freez ces reboot tout ces scan avec a la clef rien...! je perd patience lol

Si quelqu'un a des solutions concraitre ce serrais vraiment sympa, merci.

PS: Rapport hijackthis, ci joint.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:15:58, on 08/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\christiane picard\Bureau\coucou.exe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

114 réponses

Précédent
Réponse 81 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 02:53
ouf, j'ai du changé de navigateur, pour posté le log car impossible avec IE8, j'été déconécté tt le temp, il me demandé d'instalé javascript et me disé que je n'été pas connécté ci ki été le cas, alors que je vené juste d'entrée mes identifants, ou que j'avais deja posté ce message "sur fond rouge" mais rien dans la disscussion, mozzila ne fonctionne pas "point d'entré introuvable", je suis avec safari qui marche trés bien,

PS, pour le rapport j'ai du mi prendre a 3 foi car au tt debut du scanne le pc a rebooté tt seul, é aprés tt c bien passé en mode normal voila tt, merci
0
Réponse 82 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 04:22
XP étant stable, j'ai réessayé de réinstalé MBAM, et surprise instalation nikel et trés rapide, j'ai donc fait de suite un scan 7 objet critik trouvé 2 trojan 5 TDSS, je te poste le contenu, je commence a revoir le jour lol tu as mis dans le mil...!!! merci, j'atend la suite de t conseil, je mais tt en quarantaine ce que MBAM a trouvé du fait que je ne vois pas les logiciels que tu mas fait installé qui aurais pu etre pris pour ce qu'il n'été pas.

PS; surement que le dérnier log Gmer é devenu caduk mm si je pense qu'il doit résté pas mal de béstiol

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3383
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/12/2009 04:15:39
mbam-log-2009-12-18 (04-15-35).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 212069
Temps écoulé: 48 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\H8SRTfolscshwdx.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\H8SRToxskvlldyl.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\h8srtcfg.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\H8SRTqjoirbubof.dat (Rootkit.TDSS) -> No action taken.
C:\Documents and Settings\christiane picard\Local Settings\Temp\H8SRTffb6.tmp (Rootkit.TDSS) -> No action taken.
0
Réponse 83 / 114
Utilisateur anonyme
18 déc. 2009 à 11:08
Parfait, par contre il va falloir que tu relances Malwarebytes.
En effet, tu as oublié de supprimer les objets détectés (No action taken).
Rappel :

• A la fin du scan, clique sur Afficher les résultats

• Coche tous les éléments détectés puis clique sur Supprimer la sélection

• S'il t'est demandé de redémarrer, clique sur Yes


Et refais un scan gmer après Malwarebytes stp.
0
Réponse 84 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 12:35
oui c"été le 1er log avant action entreprise, g donc mis en quarantaine

voila le new log
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3383
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/12/2009 04:22:24
mbam-log-2009-12-18 (04-22-24).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 212069
Temps écoulé: 48 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\H8SRTfolscshwdx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRToxskvlldyl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtcfg.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\H8SRTqjoirbubof.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\christiane picard\Local Settings\Temp\H8SRTffb6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 85 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 12:38
puis-je les supprimés ? je pense qui doit résté du monde dans le pc, un scan combofix peut etre ou autre, quelle sont t conseil ?
0
Réponse 86 / 114
Utilisateur anonyme
18 déc. 2009 à 13:02
Refais un scan gmer stp, on verra si c'est bien nettoyé.
0
Réponse 87 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 20:04
bla
0
Réponse 88 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 20:08
je n'arrive pas a posté le log je comprend pas il me dit que j'ai deja posté ce message, je v retenté, g écri bla "lol" é c passé pourtant le log né pas trop long
0
Réponse 89 / 114
Utilisateur anonyme
18 déc. 2009 à 20:10
Utilse ci-joint pour le transmettre :

• Va sur le site ci-joint.fr

• Clique sur le bouton parcourir

• Recherche le rapport et clique sur Ouvrir

• Clique sur le bouton "Cliquez ici pour déposer le fichier"

• Copie ensuite le lien qui est affiché dans ta réponse.
0
Réponse 90 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 20:22
il 'mindique que Les fichiers avec l'extension .log ne peuvent pas être déposés !
0
Réponse 91 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 20:24
je vais éssayé en désinstalan mozila é le réienstalan, j'ai deja rédemaré le pc rien ni fé, c un peu comme IE hier
0
Réponse 92 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 20:58
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-18 19:06:48
Windows 5.1.2600 Service Pack 3
Running: 4dtm0otz.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\kgtyiaod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9B73360, 0x21DDFD, 0xE8000020]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB955BEBF]
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [32, 5F]
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [35, 5F]
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[260] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [29, 5F]
.text C:\WINDOWS\Explorer.EXE[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\WINDOWS\Explorer.EXE[260] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[260] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[260] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[260] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\Explorer.EXE[260] WS2_32.dll!WSALookupServiceBeginW 719F35EF 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[260] WS2_32.dll!connect 719F4A07 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[260] WS2_32.dll!listen 719F8CD3 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [32, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [35, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01670001
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] WS2_32.dll!WSALookupServiceBeginW 719F35EF 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] WS2_32.dll!connect 719F4A07 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[372] WS2_32.dll!listen 719F8CD3 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[416] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\TPSMain.exe[416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011C0001
.text C:\WINDOWS\system32\TPSMain.exe[416] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[416] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\TPSMain.exe[416] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\TPSMain.exe[416] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\a-squared Anti-Malware\a2guard.exe[440] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 004552D1 C:\Program Files\a-squared Anti-Malware\a2guard.exe (a-squared Guard/Emsi Software GmbH)
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014E0001
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[448] shell32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01950001
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[456] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[472] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\TPSBattM.exe[472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001
.text C:\WINDOWS\system32\TPSBattM.exe[472] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[472] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\TPSBattM.exe[472] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\TPSBattM.exe[472] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[480] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\rundll32.exe[480] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\rundll32.exe[480] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\rundll32.exe[480] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\rundll32.exe[480] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\rundll32.exe[480] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[480] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[480] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\rundll32.exe[480] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\rundll32.exe[480] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[480] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\rundll32.exe[480] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\rundll32.exe[480] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[508] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\WINDOWS\ehome\ehtray.exe[508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01D20001
.text C:\WINDOWS\ehome\ehtray.exe[508] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[508] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\ehome\ehtray.exe[508] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\ehome\ehtray.exe[508] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[520] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\rundll32.exe[520] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
.text C:\WINDOWS\system32\rundll32.exe[520] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\rundll32.exe[520] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\rundll32.exe[520] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\rundll32.exe[520] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[520] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[520] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\rundll32.exe[520] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\rundll32.exe[520] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[520] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\rundll32.exe[520] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\rundll32.exe[520] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01040001
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[548] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[564] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[564] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001
.text C:\WINDOWS\AGRSMMSG.exe[564] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[564] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\AGRSMMSG.exe[564] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\AGRSMMSG.exe[564] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[572] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\Program Files\Winamp\winampa.exe[572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D50001
.text C:\Program Files\Winamp\winampa.exe[572] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\Program Files\Winamp\winampa.exe[572] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Winamp\winampa.exe[572] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\Program Files\Winamp\winampa.exe[572] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Winamp\winampa.exe[572] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Winamp\winampa.exe[572] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\Program Files\Winamp\winampa.exe[572] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\Program Files\Winamp\winampa.exe[572] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Winamp\winampa.exe[572] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Program Files\Winamp\winampa.exe[572] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Winamp\winampa.exe[572] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
0
Réponse 93 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 20:59
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01800001
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE[592] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [32, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [35, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [29, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02FF0001
.text C:\Program Files\iTunes\iTunesHelper.exe[648] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F370F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[648] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[648] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F190F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F100F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F130F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F220F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F250F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] WS2_32.dll!WSALookupServiceBeginW 719F35EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] WS2_32.dll!connect 719F4A07 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[648] WS2_32.dll!listen 719F8CD3 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01540001
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[724] shell32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [32, 5F]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [35, 5F]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [29, 5F]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 07670001
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F370F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] WS2_32.dll!WSALookupServiceBeginW 719F35EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] WS2_32.dll!connect 719F4A07 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[848] WS2_32.dll!listen 719F8CD3 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [32, 5F]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [35, 5F]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [29, 5F]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 07530001
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F220F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F370F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F190F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F130F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F250F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] WS2_32.dll!WSALookupServiceBeginW 719F35EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] WS2_32.dll!connect 719F4A07 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe[868] WS2_32.dll!listen 719F8CD3 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[872] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EF0001
.text C:\WINDOWS\system32\ctfmon.exe[872] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[872] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[872] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[872] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [32, 5F]
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [35, 5F]
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SFR\Kit\9props.exe[916] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [29, 5F]
.text C:\Program Files\SFR\Kit\9props.exe[916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015F0001
.text C:\Program Files\SFR\Kit\9props.exe[916] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F370F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SFR\Kit\9props.exe[916] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\SFR\Kit\9props.exe[916] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F190F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F100F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F130F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F220F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F250F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] WS2_32.dll!WSALookupServiceBeginW 719F35EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] WS2_32.dll!connect 719F4A07 6 Bytes JMP 5F070F5A
.text C:\Program Files\SFR\Kit\9props.exe[916] WS2_32.dll!listen 719F8CD3 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CE0001
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1088] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\a-squared Anti-Malware\a2service.exe[1512] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045495D C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [26, 5F]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [29, 5F]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [23, 5F]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [20, 5F]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D50001
.text C:\WINDOWS\eHome\ehmsas.exe[3972] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3972] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3972] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3972] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[3972] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\eHome\ehmsas.exe[3972] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3972] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3972] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3972] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3972] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtDeleteValueKey 7C91D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtDeleteValueKey + 4 7C91D272 2 Bytes [23, 5F]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtOpenProcess 7C91D5FE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtOpenProcess + 4 7C91D602 2 Bytes [26, 5F]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtSetInformationFile 7C91DC5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtSetInformationFile + 4 7C91DC62 2 Bytes [29, 5F]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtSetValueKey 7C91DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtSetValueKey + 4 7C91DDD2 2 Bytes [20, 5F]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtWriteFile 7C91DF7E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ntdll.dll!NtWriteFile + 4 7C91DF82 2 Bytes [1D, 5F]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] USER32.dll!SendMessageW 7E3A929A 6 Bytes JMP 5F2B0F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] USER32.dll!PostMessageA 7E3AAAFD 6 Bytes JMP 5F130F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] USER32.dll!SendInput 7E3AF140 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] USER32.dll!SendInput + 4 7E3AF144 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] USER32.dll!SendMessageA 7E3AF3C2 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] USER32.dll!mouse_event 7E3E673F 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] USER32.dll!keybd_event 7E3E6783 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\christiane picard\Bureau\4dtm0otz.exe[8548] SHELL32.dll!Shell_NotifyIconW 7CA3A5BF 6 Bytes JMP 5F310F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
0
Réponse 94 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 21:02
enfin lol, j'ai coupé le log en 2, cijoint impossible de l'inseret dans le site aparement voila
0
Réponse 95 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
18 déc. 2009 à 21:12
bon ba éfféctivement le log é long lol je né pas eu le message qui me signalé un rootkit au debut du scan,le scan c fini, j'ai vu qu'il ne travaillé plus, mé ne me la pas signalé, peut etre normal,g donc sauvé le log sur bureau, de la g cliké sur safari pour posté le log tt a l'heur é le pc a rebooté direct, alors je c pas trop, voila, si ca peut aidé
0
Réponse 96 / 114
Utilisateur anonyme
19 déc. 2009 à 00:25
Oui, çà a l'air pas mal, refais un rapport rsit stp.
0
Réponse 97 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
19 déc. 2009 à 03:15
voila le scan

Logfile of random's system information tool 1.06 (written by random/random)
Run by christiane picard at 2009-12-19 03:14:20
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 14 GB (12%) free of 114 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:14:21, on 19/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\christiane picard\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\christiane picard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/...
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://www.ma-config.com/activex/MaConfig_4_0_0_6.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1ca8038db964424) (gupdate1ca8038db964424) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 98 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
19 déc. 2009 à 03:16
le scan a été super rapide 3sec, j'éspére que c bon, merci encor,
0
Réponse 99 / 114
Utilisateur anonyme
19 déc. 2009 à 12:18
Oui, c'est bon.
As-tu encore des problèmes ?
0
Réponse 100 / 114
campello238 Messages postés 70 Date d'inscription mardi 8 décembre 2009 Statut Membre Dernière intervention 16 juin 2010
19 déc. 2009 à 17:24
simplement avec IE, je me conect sur le site des que je clique pour posté ou autre je ne suis plus reconnu, je n'arrive donc plus a posté, le site me dit "Veuillez remplir correctement les champs suivants SVP: Nom ou pseudonyme manquant Corps du message vide"

alors qu'avec opera, je suis reconnu automatiquement juste en ouvran le site pas besoin d'entré mes idendifianf, je n'avais pas ce problém avan
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Virus détecté
Koony -
MisteryBean -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses