Sujet Précédent Sujet Suivant

Désinfection TROJAN

Fermé
ciruisse Messages postés 13 Date d'inscription dimanche 5 juillet 2009 Statut Membre Dernière intervention 31 mars 2011 - 30 mars 2011 à 18:46
ciruisse Messages postés 13 Date d'inscription dimanche 5 juillet 2009 Statut Membre Dernière intervention 31 mars 2011 - 31 mars 2011 à 16:46
Bonjour,

j'ai fai un scan avec ZHPdiag et voici le lien du rapport

merci par avance de votre aide

http://cjoint.com/data1/1dEsSxdFuyM.htm



A voir également:

6 réponses

Réponse 1 / 6
olivier114 Messages postés 1552 Date d'inscription mercredi 4 mars 2009 Statut Membre Dernière intervention 26 novembre 2013 104
30 mars 2011 à 19:00
il y a une infection usb et des adwares
dans un premier temps faite ceci:
* Télécharge AD-Remover (de C_XX) sur ton Bureau.
/!\ Déconnecte toi et ferme toutes les applications en cours /!\
* Double-clique sur l'icône AD-Remover
* Au menu principal, clique sur "Nettoyer"
* Confirme le lancement de l'analyse et laisse l'outil travailler
* Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report.log )

ensuite ceci:
Il y a une infection de disques amovibles :

* Télécharge USBFix (de El desaparecido et C_XX) sur ton Bureau
* Branche tes sources de données externes à ton PC (clé USB, disque dur externe, lecteur mp3 etc...) sans les ouvrir
* Fais un clic droit sur le programme USBFix et choisis 'Exécuter en tant qu'administrateur'.
* Au menu principal, clique sur "Suppression"
* Ton Bureau va disparaitre, puis l'ordinateur va redémarrer : c'est normal
* Laisse travailler l'outil jusqu'au bout
* A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse stp
0
ciruisse Messages postés 13 Date d'inscription dimanche 5 juillet 2009 Statut Membre Dernière intervention 31 mars 2011
30 mars 2011 à 19:46
voici le rapport de AD-remover:


======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 19:25:06 le 30/03/2011, Mode normal

Microsoft Windows 7 Édition Starter (X86)
fabien@FABIEN-PC (ASUSTeK Computer INC. 1001PQ)

============== RECHERCHE ==============


Dossier trouvé: C:\Users\fabien\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Users\fabien\AppData\LocalLow\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Users\fabien\AppData\LocalLow\PriceGong

Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{6C70DAB1-21A5-45AD-A606-68B0D06045AE}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C70DAB1-21A5-45AD-A606-68B0D06045AE}
Clé trouvée: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Clé trouvée: HKLM\Software\Classes\Conduit.Engine
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2542115
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKCU\Software\AppDataLow\Toolbar
Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E3C98AA-4EB4-48C9-8241-4C1EC79B2704}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

**** Google Chrome Version [10.0.648.204] ****


-- C:\Users\fabien\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Preferences - homepage: hxxp://www.google.com
Preferences - homepage_is_newtabpage: true
Plugin - RIM Handheld Application Loader (Activé: true) (C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll)
Plugin - "RIM Handheld Application Loader" (Activé: true)

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://asus.msn.com
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://asus.msn.com
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSoft.dll)
HKLM_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSoft.dll)
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\tbSoft.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\tbSoft.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\ConduitEngine.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{8E3C98AA-4EB4-48C9-8241-4C1EC79B2704} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine" (C:\Program Files\ConduitEngine\ConduitEngine.dll)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSoft.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 30/03/2011 19:25:18 (5277 Octet(s))

Fin à: 19:26:59, 30/03/2011

============== E.O.F ==============
je fai nettoyer maitenant ?
0
Réponse 2 / 6
ciruisse Messages postés 13 Date d'inscription dimanche 5 juillet 2009 Statut Membre Dernière intervention 31 mars 2011
30 mars 2011 à 19:07
je sais que apparemment les Trojans vienne de fichiers a but pas très légaux mais étant novice, je pense que je mérite une aide pour cette fois car cela me sert deja bien de leçon donc
SVP aidez moi

merci d'avance
0
Réponse 3 / 6
ciruisse Messages postés 13 Date d'inscription dimanche 5 juillet 2009 Statut Membre Dernière intervention 31 mars 2011
30 mars 2011 à 19:55
voila le rapport après le nettoyage:


======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 01/03/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:48:49 le 30/03/2011, Mode normal

Microsoft Windows 7 Édition Starter (X86)
fabien@FABIEN-PC (ASUSTeK Computer INC. 1001PQ)

============== ACTION(S) ==============


Dossier supprimé: C:\Users\fabien\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\fabien\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Users\fabien\AppData\LocalLow\PriceGong

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{6C70DAB1-21A5-45AD-A606-68B0D06045AE}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C70DAB1-21A5-45AD-A606-68B0D06045AE}
Clé supprimée: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2542115
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E3C98AA-4EB4-48C9-8241-4C1EC79B2704}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== SCAN ADDITIONNEL ==============

**** Google Chrome Version [10.0.648.204] ****


-- C:\Users\fabien\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Preferences - homepage: hxxp://www.google.com
Preferences - homepage_is_newtabpage: true
Plugin - RIM Handheld Application Loader (Activé: true) (C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll)
Plugin - "RIM Handheld Application Loader" (Activé: true)

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSoft.dll)
HKLM_URLSearchHooks|{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSoft.dll)
HKCU_Toolbar\WebBrowser|{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} (C:\Program Files\Softonic_France\tbSoft.dll)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll)
HKLM_Toolbar|{4daac69c-cba7-45e2-9bc8-1044483d3352} (C:\Program Files\Softonic_France\tbSoft.dll)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
HKLM_ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C} - C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63\OberonBroker.exe (?)
BHO\{4daac69c-cba7-45e2-9bc8-1044483d3352} - "Softonic_France Toolbar" (C:\Program Files\Softonic_France\tbSoft.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 58 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 30/03/2011 19:48:54 (5228 Octet(s))
C:\Ad-Report-SCAN[1].txt - 30/03/2011 19:25:18 (5415 Octet(s))

Fin à: 19:50:34, 30/03/2011

============== E.O.F ==============

ca donne quoi ?
0
Réponse 4 / 6
Utilisateur anonyme
Modifié par 91300 le 30/03/2011 à 20:55
bon ciruisse, ton sujet a été fermer ou je t'aidais non?
sais tu pourquoi la modération (je suppose que c'est eux...) a eu la bonne idée de le supprimer stp?
merci
▶▶▶ CONTRIBUTEUR SÉCURITÉ ◀◀◀

Qualification Helper sur HELPER FORMATION.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
ciruisse Messages postés 13 Date d'inscription dimanche 5 juillet 2009 Statut Membre Dernière intervention 31 mars 2011
30 mars 2011 à 21:13
je ne sais pas pourquoi ils ont fermé mon sujet? oui tu m'as donné la marche à suivre mais je ne comprend pas grand chose au rapport des scans !
0
Utilisateur anonyme
30 mars 2011 à 21:15
j'ai vu ton rapport la.
as tu des émulateurs comme alcool 52% ou deamon tool etc...?
0
ciruisse Messages postés 13 Date d'inscription dimanche 5 juillet 2009 Statut Membre Dernière intervention 31 mars 2011
30 mars 2011 à 21:22
non rien de tout cela
0
Réponse 6 / 6
Utilisateur anonyme
30 mars 2011 à 21:23
ok, vérification importante alors:

Télécharge GMER Scanner de rootkit

http://www2.gmer.net/download.php

[*]télécharge le .exe sur ton Bureau . Retiens son nom car il est aléatoire.

[*]désactives toutes tes protections (antivirus, scans résidents etc...) qui peuvent empêcher le logiciel de démarrer.

[*]exécute le en faisant un double clic sur le fichier créé. Néglige les alertes.

[*]le chargement va prendre une minute.

[*]si des rootkits sont décelés, répond non quand on te demande si tu veux faire un scan complet (Full scan).

[*]règle les paramètres (fenêtre de droite) de la manière suivante :


# seule la partition système (en général C:\ ) doit rester cochée
# Show All : décochée

[*]clique sur "SCAN" puis patiente...

[*]En fin de traitement clique sur "SAVE" et enregistre sur le Bureau "051209.txt"

[*]Double clique sur "051209.txt" ; le fichier s'ouvre dans le Bloc-Notes

[*]Copie le contenu et colle le dans ta réponse.
0
ciruisse Messages postés 13 Date d'inscription dimanche 5 juillet 2009 Statut Membre Dernière intervention 31 mars 2011
31 mars 2011 à 16:46
Bonjour, voici le rapport de GMER:


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-31 16:43:32
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003
Running: hybhekiy.exe; Driver: C:\Users\fabien\AppData\Local\Temp\uxdiipod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8639A728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8639A7D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8639A870]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x863AE82E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x863AE652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x863AE78C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81E99589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EBE092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 81EC584C 4 Bytes [28, A7, 39, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 81EC5A0C 4 Bytes [D8, A7, 39, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 54C 81EC5B5C 4 Bytes [70, A8, 39, 86]
PAGE ntkrnlpa.exe!ZwLoadDriver 81FF728F 7 Bytes JMP 863AE790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8205F2CB 5 Bytes JMP 863AA1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82079003 5 Bytes JMP 863ABCA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 820871B3 7 Bytes JMP 863AE656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 821312F4 7 Bytes JMP 863AE832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AA522000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AA522123 486 Bytes [D5, 51, AA, FE, 05, 34, D5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 529A AA52230A 142 Bytes [51, AA, 3B, 08, 77, 04, 3B, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AA522399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AA5223FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...
.text user32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0
.text user32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0
.text user32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30
.text user32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720
.text user32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0

---- User code sections - GMER 1.0.15 ----

.text C:\windows\System32\svchost.exe[304] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[304] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[304] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[304] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[304] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[304] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[304] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[344] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe[424] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe[424] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe[424] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe[424] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe[424] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe[424] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe[424] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[436] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[436] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[436] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[436] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[436] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[436] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[436] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\wininit.exe[480] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\wininit.exe[480] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\wininit.exe[480] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\wininit.exe[480] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\wininit.exe[480] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\wininit.exe[480] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\wininit.exe[480] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\services.exe[536] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\services.exe[536] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\winlogon.exe[568] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\winlogon.exe[568] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\winlogon.exe[568] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\winlogon.exe[568] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\winlogon.exe[568] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\winlogon.exe[568] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\winlogon.exe[568] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\lsm.exe[604] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\lsm.exe[604] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[704] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[704] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[712] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[712] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[800] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[800] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[800] user32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[800] user32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[800] user32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[800] user32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[800] user32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[864] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[864] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[864] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[864] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[864] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[864] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[864] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[928] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[928] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[928] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[928] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[928] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[928] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\System32\svchost.exe[928] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[960] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[960] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[960] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[960] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[960] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[960] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[960] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1108] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1108] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1108] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1108] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\SearchFilterHost.exe[1140] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\SearchFilterHost.exe[1140] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\SearchFilterHost.exe[1140] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\SearchFilterHost.exe[1140] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\SearchFilterHost.exe[1140] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\SearchFilterHost.exe[1140] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\SearchFilterHost.exe[1140] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1236] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1356] kernel32.dll!SetUnhandledExceptionFilter 76BD3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[1444] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[1444] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[1444] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[1444] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[1444] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[1444] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[1444] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\EasyBits For Kids\EEEDockCtl.exe[1456] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\EasyBits For Kids\EEEDockCtl.exe[1456] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\EasyBits For Kids\EEEDockCtl.exe[1456] user32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\EasyBits For Kids\EEEDockCtl.exe[1456] user32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\EasyBits For Kids\EEEDockCtl.exe[1456] user32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\EasyBits For Kids\EEEDockCtl.exe[1456] user32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\EasyBits For Kids\EEEDockCtl.exe[1456] user32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1508] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1508] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1508] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1508] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1508] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1508] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1508] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1648] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1648] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1648] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1648] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1648] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1648] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[1648] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1660] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1660] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1660] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1660] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1660] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1660] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1660] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1728] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1728] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1728] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1728] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1728] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1728] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1728] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\Dwm.exe[1800] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\Dwm.exe[1800] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\Dwm.exe[1800] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\Dwm.exe[1800] USER32.dll!UnhookWinEvent 76A5D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\Dwm.exe[1800] USER32.dll!SetWindowsHookExW 76A6210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\Dwm.exe[1800] USER32.dll!SetWinEventHook 76A6507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\system32\Dwm.exe[1800] USER32.dll!SetWindowsHookExA 76A86DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\Explorer.EXE[1820] ntdll.dll!LdrUnloadDll 77C4BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\Explorer.EXE[1820] ntdll.dll!LdrLoadDll 77C4F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\Explorer.EXE[1820] USER32.dll!UnhookWindowsHookEx 76A5CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\windows\Explorer.EXE[1820] USER32.dll!UnhookWinEvent
0

Discussions similaires

Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
Comment éliminer manuellement virus trojan?
ballag -
RClog -

12 réponses