Win32 injected: need help please

Solved/Closed
Grumman - 26 March 2011 at 07:58
Anonymous user - 8 April 2011 at 18:57
Hello,

Because my firewall was badly configured to begin with, I picked up a Trojan horse: Win32 injected.
When the computer starts, an antivirus window tells me: "the virus could not be removed, unable to disinfect the object".
It is also impossible to open the quarantine: "error 1392".
I need help, can you help me please?
Thanks.


91 replies

Anonymous user
30 March 2011 at 09:26
ok, anyway the scan takes roughly an hour
0
The report does not get written because a window appears:
"Windows cannot find C:\Scan\CLRAV.txt. Check that you entered the name correctly, then try again."

Yet "C:\Scan" exists, so I created the subfolder "CLRAV.txt", but that does not work either.
0
Anonymous user
30 March 2011 at 22:57
Rhôôoô, it works perfectly for me, I don't understand.....
0
I tried again several times this morning, it still doesn't work!

Is it Vista-compatible?
0

Anonymous user
31 March 2011 at 08:45
delete it, re-download it and try again in safe mode
0
I'll do that right away.
0
In safe mode it didn't work; I came back to normal mode and it doesn't work either.
As soon as I launch the program, as admin... "for both attempts", a window tries to open for a tenth of a second and then nothing happens.

Sorry.
0
Anonymous user
31 March 2011 at 15:00

/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\

__________________________________________________________
>This tool is only to be used when prescribed by a qualified helper trained in it.<
>>>>>>>Do not use outside of that situation: dangerous!<<<<<<<<
=====================================================


▶ Above all, when saving, remember to rename Combofix to "yourfirstname.exe" before it is saved to your hard drive

Download here: Combofix

Before using ComboFix:

If you use AVG, YOU ABSOLUTELY MUST UNINSTALL IT before using Combofix, because it can interact with the tool and cause damage that may require a complete reinstall of the system.
Simply disabling the resident shield is not enough.
Download the AVG remover from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32- or 64-bit) /!\

CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable it temporarily:

▶ Download Defogger (by jpshortstuff) to your Desktop

▶ Run it

A window appears: click "Disable"

▶ Restart the computer if the tool asks you to

Note: once we have finished the cleanup, you can re-enable that software by running Defogger again and clicking "Re-enable"

_________________________________________________________
>> close the windows of all running programs.
>> Temporarily, and only for as long as ComboFix is running, disable
>> the real-time protection of your antivirus and antispyware programs,
>> which can seriously interfere with the tool's scanning and cleaning.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


if you have XP => double-click
if you have Vista or Windows 7 => right-click, "Run as...."


on the renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤

▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

▶ don't forget to re-enable the guard of your antivirus and antispyware programs before reconnecting to the internet.

▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.



0
OK, I'll do that "calmly" first thing tomorrow morning.

Good evening.
0
Anonymous user
31 March 2011 at 21:32
lol ok, follow the instructions carefully :)
0
When launching ComboFix there was an error message; I clicked OK and it launched without me being able to rename it ("I didn't dare stop everything").
Is that serious?

Here is the report you asked for:

ComboFix 11-03-31.02 - yves 01/04/2011 7:18.1.4 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2129 [GMT 2:00]
Running from: c:\users\yves\Desktop\ComboFix.exe
AV: Anti-virus firewall 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Anti-virus firewall 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Anti-virus firewall 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{7B86AFD3-FDEA-4F50-8898-784CEEDC11C0}\_Setup.dll
c:\programdata\Tarma Installer\{7B86AFD3-FDEA-4F50-8898-784CEEDC11C0}\20100629204837.log
c:\programdata\Tarma Installer\{7B86AFD3-FDEA-4F50-8898-784CEEDC11C0}\Setup.dat
c:\programdata\Tarma Installer\{7B86AFD3-FDEA-4F50-8898-784CEEDC11C0}\Setup.exe
c:\programdata\Tarma Installer\{7B86AFD3-FDEA-4F50-8898-784CEEDC11C0}\Setup.ico
c:\tdsskiller\tdsskiller.exe
c:\users\yves\AppData\Roaming\Icones\icones_pa.ico
c:\users\yves\AppData\Roaming\Microsoft\Windows\Recent\Essentiel de la charte de confidentialite Microsoft en ligne.url
.
.
((((((((((((((((((((((((((((( Files created from 2011-03-01 to 2011-04-01 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-01 05:23 . 2011-04-01 05:23 -------- d-----w- c:\users\yves\AppData\Local\temp
2011-04-01 05:23 . 2011-04-01 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-29 21:05 . 2011-04-01 05:23 -------- d-----w- C:\tdsskiller
2011-03-29 06:23 . 2011-03-29 06:25 251807 ----a-w- c:\program files\Microsoft Games\Microsoft Flight Simulator X\uninstal_af1x.exe
2011-03-29 05:46 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{659DE9D9-B37B-424B-9F7A-76D03A332D55}\mpengine.dll
2011-03-27 10:10 . 2011-03-27 10:24 -------- d-----w- C:\UsbFix
2011-03-26 07:59 . 2011-03-27 04:45 -------- d-----w- c:\users\yves\DoctorWeb
2011-03-26 05:38 . 2011-03-26 05:38 512 ------w- C:\PhysicalDisk0_MBR.bin
2011-03-26 05:36 . 2011-03-26 06:43 -------- d-----w- c:\program files\ZHPDiag
2011-03-23 15:16 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 15:16 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 15:16 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-20 06:34 . 2011-03-20 06:34 -------- d-----w- c:\program files\Ad-Remover
2011-03-15 16:01 . 2010-07-01 16:53 77824 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Games\AI Formation V2\AI Formation.exe
2011-03-15 16:00 . 2010-07-01 16:53 77824 ----a-w- c:\program files\Microsoft Games\AI Formation V2\AI Formation.exe
2011-03-13 18:08 . 2011-03-23 15:52 -------- d-----w- c:\program files\FS Recorder for FSX
2011-03-12 17:53 . 2011-03-12 17:53 -------- d-----w- C:\MSFS
2011-03-11 15:51 . 2011-03-11 15:51 -------- d-----w- c:\users\yves\AppData\Roaming\Jürgen Treml
2011-03-10 15:53 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 15:53 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 15:53 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 15:53 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 15:53 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 15:53 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 18:07 . 2001-05-21 10:46 198656 ----a-w- c:\windows\system32\Comdlg32.ocx
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 10:24 . 2011-03-27 10:15 4992 ----a-w- C:\UsbFix_Upload_Me_PC-DE-YVES.zip
2011-03-12 07:15 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-12 16:18 . 2011-02-12 16:06 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-02-02 20:40 . 2010-05-02 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-03 04:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 17:12 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 17:12 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 17:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 17:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 17:12 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 17:12 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 17:12 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 17:12 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 17:12 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 17:12 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 17:12 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 17:12 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 17:12 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 17:12 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 17:12 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 17:12 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 17:12 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 17:12 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 17:12 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 17:12 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 17:12 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 17:12 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 17:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 17:12 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 17:12 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-09 17:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 17:11 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27 . 2011-02-22 17:38 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-22 17:38 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-22 17:38 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-22 17:38 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-22 17:38 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-22 17:38 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-22 17:38 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-22 17:38 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-22 17:38 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-22 17:38 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-22 17:38 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-07-10 03:37 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2007-12-11 16:06 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
1998-04-26 22:00 . 1998-04-26 22:00 570128 ----a-w- c:\program files\Common Files\DAO350.dll
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-20 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"F-Secure Manager"="c:\program files\Orange\Antivirus Firewall\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-18 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\yves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"ORAHSSSessionManager"=c:\program files\Orange\SessionManager\SessionManager.exe
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database_e189e\bin\fbserver.exe [2008-08-07 3276800]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [2011-02-12 63992]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [2008-04-04 136832]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-09-14 135168]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-02-12 42664]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [2009-11-18 69928]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-11-18 37544]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 72904]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsvista.sys [2009-11-18 14248]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe [2009-08-27 1253376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 147456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [2011-02-12 130728]
S3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2007-07-18 135680]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:30]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:30]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
Toolbar-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
Toolbar-{31c7d459-9cc3-44f2-9dca-fc11795309b4} - (no file)
WebBrowser-{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - (no file)
WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-01 07:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!!*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!&*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!'*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!**]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\
* "*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\+* '*]
@Allowed: (Read) (RestrictedCode)
.
Finish time: 2011-04-01 07:24:52
ComboFix-quarantined-files.txt 2011-04-01 05:24
.
Pre-Run: 332 654 796 800 bytes free
Post-Run: 332 590 112 768 bytes free
.
- - End Of File - - A2B1912C1B92A5617C6ED60F03E06B1E
0
I hadn't understood your explanation about renaming Combofix.

Searching the internet, I figured out how to do it.

I'm hopeless!!!

Should I run the scan again?
0
Anonymous user
1 April 2011 at 14:55

__________________________________________________
=>/!\The script below was written specifically for this computer/!\ <=
=>it is strongly advised not to transfer it to another computer!<=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

RegLockDel::
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!*]
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!!*]
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!&*]
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!'*]
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!**]
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!"*]
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\+*!'*]
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\* "*]
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\+* '*]


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file

▶ Wait while the scan runs. The Desktop will disappear several times: that is normal! Don't touch anything until the scan is finished.
▶ Once the scan is done, a report will be displayed: post its contents.
▶ If the file doesn't open, it is here => C:\ComboFix.txt


0
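The step the helper describes above, copying each key from the report's "LOCKED REGISTRY KEYS" section into a RegLockDel:: block, can be scripted. The Python below is an added example for this thread; it is not code from the thread or from ComboFix's authors. The report excerpt embedded in it is constructed from the report posted earlier, and it assumes the section header wording and the CFScript directives (KillAll::, RegLockDel::) as they appear in the post. It also handles the key at the end of that section whose name contains a newline and therefore spans two lines of the report.

```python
"""Build a ComboFix CFScript from the 'LOCKED REGISTRY KEYS' section of a
ComboFix report.

Added example for this thread; it is not code from the thread or from
ComboFix's authors.  Assumptions: the section header contains the words
'LOCKED REGISTRY KEYS' (or the French 'CLES DE REGISTRE BLOQUEES'), every
key is printed as '[<path>]' with an '@Allowed: ...' line beneath it, and
the CFScript directives KillAll:: and RegLockDel:: behave as used in the post.
"""
import re

# Constructed excerpt modelled on the report posted above.  The second key
# contains an embedded newline: ComboFix prints key names verbatim, so a
# key whose name holds a newline spans two lines of the report.
SAMPLE_REPORT = (
    "--------------------- LOCKED REGISTRY KEYS ---------------------\n"
    ".\n"
    '[HKEY_USERS\\S-1-5-21-432480864-1858704682-312830756-1000\\*"!*]\n'
    "@Allowed: (Read) (RestrictedCode)\n"
    ".\n"
    "[HKEY_USERS\\S-1-5-21-432480864-1858704682-312830756-1000\\\n"
    '* "*]\n'
    "@Allowed: (Read) (RestrictedCode)\n"
    ".\n"
    "[HKEY_USERS\\S-1-5-21-432480864-1858704682-312830756-1000\\+* '*]\n"
    "@Allowed: (Read) (RestrictedCode)\n"
    ".\n"
    "Finish time: 2011-04-01 07:24:52\n"
)

SECTION_MARKERS = ("LOCKED REGISTRY KEYS", "CLES DE REGISTRE BLOQUEES")
END_MARKERS = ("Finish time:", "Heure de fin:")


def locked_keys(report: str) -> list:
    """Return the key paths listed in the locked-keys section, in order.

    A key entry opens with '[HKEY_' and closes with ']'.  Lines are
    accumulated until the closing bracket is seen, so a key name that
    contains a newline (as in the report above) is kept as one path.
    """
    keys = []
    in_section = False
    current = None          # key text being accumulated, without the '['
    for line in report.splitlines():
        if not in_section:
            in_section = any(m in line for m in SECTION_MARKERS)
            continue
        if current is None:
            if line.startswith(END_MARKERS):
                break
            if not line.startswith("[HKEY_"):
                continue        # '.', '@Allowed: ...' and blank lines
            current = line[1:]
        else:
            current += "\n" + line
        if current.endswith("]"):
            keys.append(current[:-1])
            current = None
    return keys


def suspicious(key: str) -> bool:
    """True when the leaf name is made only of punctuation/whitespace.

    Real application keys have readable names; the names in the report
    (*"!*, +* '* ...) are pure punctuation, which is what the helper
    targeted.  This is a heuristic, not a malware verdict.
    """
    leaf = key.rsplit("\\", 1)[-1]
    return re.fullmatch(r"\W+", leaf) is not None


def build_cfscript(keys, kill_all: bool = True) -> str:
    """Render the CFScript text the helper asked the user to create."""
    lines = ["KillAll::", ""] if kill_all else []
    lines.append("RegLockDel::")
    lines.extend("[%s]" % k for k in keys)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = locked_keys(SAMPLE_REPORT)
    targets = [k for k in found if suspicious(k)]
    print(build_cfscript(targets))
```

Run it as-is to print the CFScript for the constructed excerpt; for a real report, pass the file contents to locked_keys(). Whether a key should be deleted is still a human judgement: the suspicious() filter only flags leaf names made entirely of punctuation, which is the pattern in this report, and a legitimate key that happens to be access-restricted would not be flagged by it.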
This time it's OK. Apologies again.

ComboFix (2):

ComboFix 11-03-31.02 - yves 01/04/2011 21:10:06.2.4 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2006 [GMT 2:00]
Running from: c:\users\yves\Desktop\ComboFix.exe
Command switches used :: c:\users\yves\Desktop\CFScript.txt
AV: Anti-virus firewall 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Anti-virus firewall 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Anti-virus firewall 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Files created from 2011-03-01 to 2011-04-01 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-01 19:16 . 2011-04-01 19:19 -------- d-----w- c:\users\yves\AppData\Local\temp
2011-04-01 19:16 . 2011-04-01 19:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-29 21:05 . 2011-04-01 05:23 -------- d-----w- C:\tdsskiller
2011-03-29 06:23 . 2011-03-29 06:25 251807 ----a-w- c:\program files\Microsoft Games\Microsoft Flight Simulator X\uninstal_af1x.exe
2011-03-29 05:46 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{659DE9D9-B37B-424B-9F7A-76D03A332D55}\mpengine.dll
2011-03-27 10:10 . 2011-03-27 10:24 -------- d-----w- C:\UsbFix
2011-03-26 07:59 . 2011-03-27 04:45 -------- d-----w- c:\users\yves\DoctorWeb
2011-03-26 05:38 . 2011-03-26 05:38 512 ------w- C:\PhysicalDisk0_MBR.bin
2011-03-26 05:36 . 2011-03-26 06:43 -------- d-----w- c:\program files\ZHPDiag
2011-03-23 15:16 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 15:16 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 15:16 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-20 06:34 . 2011-03-20 06:34 -------- d-----w- c:\program files\Ad-Remover
2011-03-15 16:01 . 2010-07-01 16:53 77824 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Games\AI Formation V2\AI Formation.exe
2011-03-15 16:00 . 2010-07-01 16:53 77824 ----a-w- c:\program files\Microsoft Games\AI Formation V2\AI Formation.exe
2011-03-13 18:08 . 2011-03-23 15:52 -------- d-----w- c:\program files\FS Recorder for FSX
2011-03-12 17:53 . 2011-03-12 17:53 -------- d-----w- C:\MSFS
2011-03-11 15:51 . 2011-03-11 15:51 -------- d-----w- c:\users\yves\AppData\Roaming\Jürgen Treml
2011-03-10 15:53 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 15:53 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 15:53 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 15:53 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 15:53 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 15:53 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 18:07 . 2001-05-21 10:46 198656 ----a-w- c:\windows\system32\Comdlg32.ocx
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 10:24 . 2011-03-27 10:15 4992 ----a-w- C:\UsbFix_Upload_Me_PC-DE-YVES.zip
2011-03-12 07:15 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-12 16:18 . 2011-02-12 16:06 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
2011-02-02 20:40 . 2010-05-02 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-03 04:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 17:12 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 17:12 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 17:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 17:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 17:12 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 17:12 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 17:12 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 17:12 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 17:12 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 17:12 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 17:12 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 17:12 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 17:12 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 17:12 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 17:12 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 17:12 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 17:12 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 17:12 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 17:12 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 17:12 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 17:12 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 17:12 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 17:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 17:12 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 17:12 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-09 17:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 17:11 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27 . 2011-02-22 17:38 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-22 17:38 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-22 17:38 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-22 17:38 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-22 17:38 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-22 17:38 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-22 17:38 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-22 17:38 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-22 17:38 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-22 17:38 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-22 17:38 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-07-10 03:37 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2007-12-11 16:06 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
1998-04-26 22:00 . 1998-04-26 22:00 570128 ----a-w- c:\program files\Common Files\DAO350.dll
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-20 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"F-Secure Manager"="c:\program files\Orange\Antivirus Firewall\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-18 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\yves\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"ORAHSSSessionManager"=c:\program files\Orange\SessionManager\SessionManager.exe
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database_e189e\bin\fbserver.exe [2008-08-07 3276800]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [2008-04-04 136832]
R3 SaiH0BAC;SaiH0BAC;c:\windows\system32\DRIVERS\SaiH0BAC.sys [2007-09-14 135168]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\Antivirus Firewall\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-02-12 42664]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys [2009-11-18 69928]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-11-18 37544]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 72904]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsvista.sys [2009-11-18 14248]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe [2009-08-27 1253376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 147456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\Antivirus Firewall\Anti-Virus\minifilter\fsgk.sys [2011-02-12 130728]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [2011-02-12 63992]
S3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2007-07-18 135680]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:30]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:30]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-01 21:19
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!!*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!&*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!'*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\*"!**]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\
* "*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-432480864-1858704682-312830756-1000\+* '*]
@Allowed: (Read) (RestrictedCode)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe
c:\program files\Orange\Antivirus Firewall\Anti-Virus\FSGK32.EXE
c:\program files\Orange\Antivirus Firewall\Common\FSMA32.EXE
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Orange\Antivirus Firewall\Common\FSHDLL32.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe
c:\program files\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe
c:\windows\system32\conime.exe
c:\program files\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2011-04-01 21:26:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-04-01 19:26
ComboFix2.txt 2011-04-01 05:24
.
Avant-CF: 330 155 331 584 octets libres
Après-CF: 329 974 464 512 octets libres
.
- - End Of File - - 15B9825229CEC434AD633649A7A576A1
0
Anonymous user
1 April 2011 at 21:44
Download this, disable your protections, then click on:

download the latest version

then relaunch it and click on run a scan

post CLRAV.txt, which will appear on your desktop at the end of the scan

http://dl.dropbox.com/u/21363431/CLRAV.exe
0
It still doesn't work.
When I launch the scan, a window appears and disappears immediately,
and after that nothing!
Thanks for your patience.
0
Anonymous user
1 April 2011 at 22:17
▶ Download: Gmer (by Przemyslaw Gmerek) and save it to your desktop

Disable all your protections for the duration of the Gmer scan

For XP => double-click gmer.exe
For Vista and 7 => right-click "Run as...."

▶ Click on the rootkit tab, run the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the gmer report (click on copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear; post it to me)
0
At the end of the scan a window opens:

The title of this window: "gmer.exe has stopped working"

The message: A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

PS: I tried several times but it's always the same.

During the scan, no red lines seen.
0
The gmer scan is running without a hitch: let's hope it lasts.
0
Here is the gmer report:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-01 23:23:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD501LJ rev.CR100-11
Running: gmer.exe; Driver: C:\Users\yves\AppData\Local\Temp\ugtiyfob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwCreateThread [0x94AF6E7C]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwLoadDriver [0x94AF71AC]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x94AF6BBC]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwOpenSection [0x94AF75DE]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwRenameKey [0x94AF887C]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x94AF742E]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwSuspendProcess [0x94AF6A3C]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwSuspendThread [0x94AF6EB0]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x94AF7032]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwTerminateProcess [0x94AF6996]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwTerminateThread [0x94AF6AF6]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x94AF6F76]
SSDT \??\C:\Program Files\Orange\Antivirus Firewall\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x94AF6E96]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 82AFC9A4 4 Bytes [7C, 6E, AF, 94] {JL 0x70; SCASD ; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 37D 82AFCB00 4 Bytes [AC, 71, AF, 94] {LODSB ; JNO 0xffffffffffffffb2; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 3AD 82AFCB30 4 Bytes [BC, 6B, AF, 94]
.text ntkrnlpa.exe!KeSetEvent + 3FD 82AFCB80 4 Bytes [DE, 75, AF, 94] {FIDIV WORD [EBP-0x51]; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 515 82AFCC98 4 Bytes [7C, 88, AF, 94] {JL 0xffffffffffffff8a; SCASD ; XCHG ESP, EAX}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 009D000C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 009D100C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 009D200C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 009D300C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 009D400C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 009D500C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 009DB00C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 009D800C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 009D600C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 009D900C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 009D700C
.text C:\Program Files\Common Files\MAGIX Services\Database_e189e\bin\FABS.exe[468] ole32.dll!CoCreateInstanceEx 772B9F81 5 Bytes JMP 009DA00C
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0032000C
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0032100C
.text C:\Windows\system32\wininit.exe[572] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0032200C
.text C:\Windows\system32\wininit.exe[572] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 0032300C
.text C:\Windows\system32\wininit.exe[572] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 0032400C
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0032800C
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0032600C
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0032900C
.text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0032700C
.text C:\Windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 0032500C
.text C:\Windows\system32\wininit.exe[572] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 0032A00C
.text C:\Windows\system32\conime.exe[624] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 001A000C
.text C:\Windows\system32\conime.exe[624] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 001A100C
.text C:\Windows\system32\conime.exe[624] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 001A200C
.text C:\Windows\system32\conime.exe[624] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 001A300C
.text C:\Windows\system32\conime.exe[624] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 001A400C
.text C:\Windows\system32\conime.exe[624] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 001A800C
.text C:\Windows\system32\conime.exe[624] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 001A600C
.text C:\Windows\system32\conime.exe[624] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 001A900C
.text C:\Windows\system32\conime.exe[624] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 001A700C
.text C:\Windows\system32\conime.exe[624] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 001A500C
.text C:\Windows\system32\conime.exe[624] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 001AB00C
.text C:\Windows\system32\conime.exe[624] ole32.dll!CoCreateInstanceEx 772B9F81 5 Bytes JMP 001AA00C
.text C:\Windows\system32\lsass.exe[632] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0008000C
.text C:\Windows\system32\lsass.exe[632] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0008100C
.text C:\Windows\system32\lsass.exe[632] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0008200C
.text C:\Windows\system32\lsass.exe[632] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 0008300C
.text C:\Windows\system32\lsass.exe[632] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 0008400C
.text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0008800C
.text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0008600C
.text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0008900C
.text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0008700C
.text C:\Windows\system32\lsass.exe[632] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 0008500C
.text C:\Windows\system32\lsass.exe[632] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 0008B00C
.text C:\Windows\system32\lsass.exe[632] ole32.dll!CoCreateInstanceEx 772B9F81 5 Bytes JMP 0008A00C
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0010000C
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0010100C
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0010200C
.text C:\Windows\system32\lsm.exe[640] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 0010300C
.text C:\Windows\system32\lsm.exe[640] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 0010400C
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0010800C
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0010600C
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0010900C
.text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0010700C
.text C:\Windows\system32\lsm.exe[640] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 0010500C
.text C:\Windows\system32\lsm.exe[640] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 0010A00C
.text C:\Windows\system32\winlogon.exe[724] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0032000C
.text C:\Windows\system32\winlogon.exe[724] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0032100C
.text C:\Windows\system32\winlogon.exe[724] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0032200C
.text C:\Windows\system32\winlogon.exe[724] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 0032300C
.text C:\Windows\system32\winlogon.exe[724] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 0032400C
.text C:\Windows\system32\winlogon.exe[724] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0032800C
.text C:\Windows\system32\winlogon.exe[724] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0032600C
.text C:\Windows\system32\winlogon.exe[724] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0032900C
.text C:\Windows\system32\winlogon.exe[724] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0032700C
.text C:\Windows\system32\winlogon.exe[724] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 0032500C
.text C:\Windows\system32\winlogon.exe[724] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 0032B00C
.text C:\Windows\system32\winlogon.exe[724] ole32.dll!CoCreateInstanceEx 772B9F81 5 Bytes JMP 0032A00C
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 001A000C
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 001A100C
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 001A200C
.text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 00A7000C
.text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 00A7100C
.text C:\Windows\system32\nvvsvc.exe[872] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 00A7200C
.text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 00A7300C
.text C:\Windows\system32\nvvsvc.exe[872] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 00A7400C
.text C:\Windows\system32\nvvsvc.exe[872] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 00A7800C
.text C:\Windows\system32\nvvsvc.exe[872] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 00A7600C
.text C:\Windows\system32\nvvsvc.exe[872] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 00A7900C
.text C:\Windows\system32\nvvsvc.exe[872] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 00A7700C
.text C:\Windows\system32\nvvsvc.exe[872] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 00A7500C
.text C:\Windows\system32\nvvsvc.exe[872] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 00A7B00C
.text C:\Windows\system32\nvvsvc.exe[872] ole32.dll!CoCreateInstanceEx 772B9F81 5 Bytes JMP 00A7A00C
.text C:\Windows\system32\svchost.exe[904] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0010000C
.text C:\Windows\system32\svchost.exe[904] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0010100C
.text C:\Windows\system32\svchost.exe[904] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0010200C
.text C:\Windows\System32\svchost.exe[940] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0088000C
.text C:\Windows\System32\svchost.exe[940] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0088100C
.text C:\Windows\System32\svchost.exe[940] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0088200C
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0073000C
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0073100C
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0073200C
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0090000C
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0090100C
.text C:\Windows\System32\svchost.exe[1016] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0090200C
.text C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 00E8000C
.text C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 00E8100C
.text C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 00E8200C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 003C000C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 003C100C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 003C200C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 003C300C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 003C400C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003C800C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003C600C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003C900C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003C700C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 003C500C
.text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1048] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 003CA00C
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0007000C
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0007100C
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0007200C
.text C:\Windows\system32\svchost.exe[1188] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 0097000C
.text C:\Windows\system32\svchost.exe[1188] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 0097100C
.text C:\Windows\system32\svchost.exe[1188] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 0097200C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 00C2000C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 00C2100C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 00C2200C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 00C2300C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 00C2400C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 00C2500C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 00C2A00C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 00C2800C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 00C2600C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 00C2900C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1260] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 00C2700C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 01F1000C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 01F1100C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 01F1200C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 01F1300C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] kernel32.dll!TerminateThread 762F41F7 5 Bytes JMP 01F1400C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] USER32.dll!SetWindowsHookExW 765D87AD 5 Bytes JMP 01F1500C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] USER32.dll!DdeConnect 76619A1F 5 Bytes JMP 01F1B00C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01F1800C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01F1600C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01F1900C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01F1700C
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1280] ole32.dll!CoCreateInstanceEx 772B9F81 5 Bytes JMP 01F1A00C
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 008E000C
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 008E100C
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 008E200C
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1416] ntdll.dll!NtCreateProcess 778642E4 5 Bytes JMP 021E000C
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1416] ntdll.dll!NtCreateProcessEx 778642F4 5 Bytes JMP 021E100C
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1416] ntdll.dll!NtCreateUserProcess 77865654 5 Bytes JMP 021E200C
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[1416] kernel32.dll!LoadLibraryExW 762D9109 5 Bytes JMP 021E300C
0