Virus empeche acces internet [Résolu/Fermé]

Signaler
Messages postés
72
Date d'inscription
vendredi 1 avril 2011
Statut
Membre
Dernière intervention
5 novembre 2014
-
Messages postés
72
Date d'inscription
vendredi 1 avril 2011
Statut
Membre
Dernière intervention
5 novembre 2014
-
Bonjour,

dans un premier tps je tiens à signaler que je ne m'y connais pas trop en informatique !

j'ai choper un virus hier windows retail
je ne pouvais plus rien faire, ni aller sur internet; ni consulter le moindre de mes fichiers !
je suis allé chez un amis pr consulter des forums sur le sujet et j'ai téléchargé 3, 4 logiciels mentionné dessus !

ensuite avec ces logiciels j'ai fait du grand n'importe quoi mais je suis parvenu par je ne sais quel miracle a retrouver mes fichiers grace à rogue killer je crois !!
probleme internet ne fonctionnais toujours pas !!

j'ai alors désinstalé avira car il me soulait il m'annonçais un virus toutes les 3 secondes pour finalement telecharger sur une clé usb avast !!
j'ai installer avast et une h d'analyse plus tard et malgré la suppression de 120 virus selon lui tjs le meme probleme, impossible d'aller sur internet ! puis avast fait comme avira, n'importe quoi !!

j'ai emprunté un pc pour retourner sur des forum j'ai telechargé ZPHFix et Diag mais maintenant meme ZPHFix refuse de demarer; une erreur d'application selon mon pc !!

je sais plus quoi faire, j'ai voulu jouer au grand mais la je dois bien reconnaitre que je suis totalement dépassé !!

quelqu'un pourrait il m'aider svp
je suis sous windows xp
merci
tony

37 réponses

Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
Salut

on va regarder

* Télécharge sur le bureau RogueKiller (par tigzy)
* Quitte tous tes programmes en cours
* Sous Vista/Seven, => Clique droit, lancer en tant qu'admin
* Lance le.
* Lorsque demandé, tape 1 et valide
* Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
* Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois, ou renommer en winlogon.exe
Messages postés
72
Date d'inscription
vendredi 1 avril 2011
Statut
Membre
Dernière intervention
5 novembre 2014
1
voici le rapport :

RogueKiller V4.3.5 par Tigzy
contact sur https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Tony [Droits d'admin]
Mode: Recherche -- Date : 01/04/2011 12:17:22

Processus malicieux: 0

Entrees de registre: 0

Fichier HOSTS:
127.0.0.1 localhost


Termine : << RKreport[1].txt >>
RKreport[1].txt

je te remercie de m'avoir rép
tony
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
Ok, donc pas de proxy visiblement

* Télécharge ZHPDiag
Capture

* Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
* Sous vista/seven, si un message d'erreur apparait , clique droit => exécuter en tant qu'admin
* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
* Heberge le rapport ici: http://pjjoint.malekal.com/ et colle le lien dans la réponse

Messages postés
72
Date d'inscription
vendredi 1 avril 2011
Statut
Membre
Dernière intervention
5 novembre 2014
1
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
Télécharger et dézipper sur le bureau TDSSKiller

= Lancer TDSSKiller en faisant un double clique
= Une fois le scan fini, un rapport s'ouvre
= Copier coller le contenu dans la prochaine réponse
= Le rapport se trouve également dans C:\TDSSKiller.XXXXXX_log.txt.( X correspondant a la version, la date et l'heure )

Messages postés
72
Date d'inscription
vendredi 1 avril 2011
Statut
Membre
Dernière intervention
5 novembre 2014
1
je suis désolé mais mon pc refuse de lancer tdsskiller
que puis-je faire ?
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
il se passe quoi?
Messages postés
72
Date d'inscription
vendredi 1 avril 2011
Statut
Membre
Dernière intervention
5 novembre 2014
1
je le télécharge, puis je le dézipe et TDSSkiller apparait dans un dossier sur mon bureau (un V rouge et une fleche noir) !
je double clique dessus, le sablier apparait puis il disparait et rien ne se passe !
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
...

Télécharger et enregistrer sur le bureau
Combofix

=Desactiver l'antivirus
=Double-clic sur Combofix
= Presser 1 si demandé
= Attendre la fermeture de l'outil ( 5 -10 mn ou plus si infection importante)
=Copier/coller le rapport dans la réponse
Un rapport dans C:\Combofix.txt à mettre dans la réponse
Réactiver l'antivirus
Messages postés
72
Date d'inscription
vendredi 1 avril 2011
Statut
Membre
Dernière intervention
5 novembre 2014
1
c'est bon j'ai pu le faire, toutefois je n'ai pas pu récupérer la mise a jour qu'il m'a demander car je n'ai toujours pas de connexion internet !

voici le rapport de comboFix :

ComboFix 11-03-31.04 - Tony Bazin 01/04/2011 15:18:30.2.2 - x86
Lancé depuis: c:\documents and settings\Tony Bazin\Bureau\ComboFix.exe
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\19980084mgr.exe
c:\documents and settings\All Users\Application Data\21028660mgr.exe
c:\documents and settings\Tony Bazin\Application Data\Local
c:\documents and settings\Tony Bazin\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Tony Bazin\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\documents and settings\Tony Bazin\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\x1c9gs.mp4
c:\documents and settings\Tony Bazin\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\xgp1ko.mp4
c:\documents and settings\Tony Bazin\Application Data\Local\Temp\DDM\Settings\x1c9gs.mp4.ddr
c:\documents and settings\Tony Bazin\Application Data\Local\Temp\DDM\Settings\xgp1ko.mp4.ddr
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
Une copie infectée de c:\windows\system32\termsrv.dll a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\termsrv.dll
.
Une copie infectée de c:\windows\system32\srsvc.dll a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\srsvc.dll
.
Une copie infectée de c:\windows\pchealth\helpctr\binaries\pchsvc.dll a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\pchsvc.dll
.
Une copie infectée de c:\windows\system32\drivers\volsnap.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-01 au 2011-04-01 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-01 00:27 . 2011-04-01 11:56 -------- d-----w- c:\program files\ZHPFix
2011-03-31 22:12 . 2011-03-31 22:12 -------- d-----w- c:\program files\quakaqgu
2011-03-31 19:25 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-31 19:25 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-31 19:25 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-31 19:25 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-31 19:25 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-31 19:25 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-31 19:25 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-31 19:25 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-31 19:25 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-31 19:25 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-31 19:25 . 2011-03-31 19:25 -------- d-----w- c:\program files\AVAST Software
2011-03-31 19:25 . 2011-03-31 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-31 19:17 . 2011-03-31 19:17 -------- d-----w- c:\program files\Protect My Disk
2011-03-31 17:33 . 2011-03-31 17:33 -------- d-----w- c:\program files\Prg Chris
2011-03-31 16:01 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 16:01 . 2011-03-31 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 15:57 . 2011-03-31 20:47 -------- d-----w- C:\ToolBar SD
2011-03-31 12:08 . 2011-03-31 12:33 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-03-31 12:03 . 2011-03-31 12:03 158152 ----a-w- c:\windows\Explorermgr.exe
2011-03-31 11:47 . 2011-03-31 11:47 -------- d-----w- c:\program files\Enigma Software Group
2011-03-31 11:47 . 2011-03-31 12:03 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-03-31 11:46 . 2011-03-31 11:46 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2011-03-31 10:52 . 2011-03-31 10:52 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-03-31 10:51 . 2011-04-01 11:55 -------- d-----w- c:\program files\ZHPDiag
2011-03-31 10:29 . 2011-03-31 10:29 -------- d-----w- c:\documents and settings\Tony Bazin\Application Data\Malwarebytes
2011-03-31 09:05 . 2011-03-31 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-31 08:57 . 2011-03-31 09:47 1104960 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-31 08:53 . 2011-03-31 08:53 -------- d-----w- c:\documents and settings\Administrateur
2011-03-31 00:02 . 2011-03-31 10:29 -------- d-----w- c:\documents and settings\a
2011-03-30 23:24 . 2011-03-30 23:24 -------- d-----w- c:\windows\system32\LogFiles
2011-03-30 22:57 . 2011-03-30 22:57 158108 ------w- c:\program files\Mozilla Firefox\null0.15260373600780486.exe
2011-03-22 16:15 . 2011-03-22 16:15 -------- d--h--w- c:\documents and settings\Tony Bazin\Local Settings\Application Data\Identities
2011-03-12 12:28 . 2011-03-12 12:28 103864 ------w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 12:28 . 2011-03-12 12:28 103864 ------w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:54 . 2008-12-23 17:36 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2008-12-23 17:36 186880 ------w- c:\windows\system32\encdec.dll
2011-01-21 14:44 . 2008-12-23 17:36 441344 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-12-23 17:36 290048 ------w- c:\windows\system32\atmfd.dll
2011-03-18 17:58 . 2011-03-31 11:30 142296 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 409088 . . [------] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[7] 2008-04-14 . 3D3C316BD1E112F3B9C532D8B9939BDC . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ------w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\windows\system32\config\systemprofile\Menu D'marrer\Programmes\D'marrage\
ybrwktml.exe [2011-3-31 158152]
.
c:\documents and settings\Administrateur\Menu D'marrer\Programmes\D'marrage\
ybrwktml.exe [2011-3-31 158152]
.
c:\windows\system32\config\systemprofile\Menu D'marrer\Programmes\D'marrage\
ybrwktml.exe [2011-3-31 158152]
.
c:\documents and settings\Tony Bazin\Menu D'marrer\Programmes\D'marrage\
ybrwktml.exe [2011-4-1 158152]
.
c:\windows\system32\config\systemprofile\Menu D'marrer\Programmes\D'marrage\
ybrwktml.exe [2011-3-31 158152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 136176]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\samsung\Samsung Network Manager\SNMWLANService.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 hspabus;SAMSUNG HSPA USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\hspabus.sys [2008-09-29 91776]
R3 hspamdfl;SAMSUNG HSPA Modem Filter;c:\windows\system32\DRIVERS\hspamdfl.sys [2008-09-29 14976]
R3 hspamdm;SAMSUNG HSPA Modem Drivers;c:\windows\system32\DRIVERS\hspamdm.sys [2008-09-29 119808]
R3 hspaserd;SAMSUNG HSPA Modem Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\hspaserd.sys [2008-09-29 98560]
R3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\DRIVERS\SUE_PD.sys [2006-10-30 19840]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-19 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2005-10-27 4300]
S3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.sys [2008-01-14 30208]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2008-09-23 238464]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 19:25]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-31 19:25]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tony Bazin\Application Data\Mozilla\Firefox\Profiles\ghx43fo4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-Football Manager 2011 - c:\program files\Sports Interactive\Football Manager 2011\Uninstall_Football Manager 2011\Uninstall Football Manager 2011.exe
AddRemove-InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C} - c:\progra~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4} - c:\program files\InstallShield Installation Information\{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}\setup.exe
AddRemove-InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D} - c:\progra~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735} - c:\progra~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe
AddRemove-OpenMG HotFix4.7-07-13-22-01 - c:\program files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-{145DE957-0679-4A2A-BB5C-1D3E9808FAB2} - c:\program files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe
AddRemove-{17283B95-21A8-4996-97DA-547A48DB266F} - c:\program files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe
AddRemove-{F4F41D14-E0DD-4FB4-AA09-A14225C769BD} - c:\program files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-01 15:31
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="B74DEA1AC64F02D3803AAB16F143D5B12811680BCCEA1358378798BAFD85D940379E68A680A95EF48A944D3924BDEE871A747980DC89450D45A31479E4D23037348D45E72A908370E758144415A25E95A6AB17B49225BF313608E715F74CEAD0DFA97719B1D51B6ACB05A56A47850BC9A948B171A5B1449929747414C666496C3E836B179C9083E7C19B1904D33D8F7552DC2EA96568CB00112F09A0F35A3F4CA930FEE58099CCD62724F90EE6E4B9CAA200E5F1B04301823800ED863525F516CC4A85AD09103D84AD28C8A5BF5B8DE3F1CF26837D84C321B7B3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555A6171C11EC38DE3D8EDD5E5BE2F6E66716A4A34FA0122692E4403228A39551DAF02EFACB23938D01F86F3851131BF073AD09AA893FFBE3F3577CABD067075C6859D589EC1B5E6849F8413D79F6DA82117F37E56CA07FBCC6203B9D9C2277B794B92196E58B2D6D6C63E78ED666EAC4BCC2A80D6C7C0C823FC10C74626B4277C30457631487E4141F340764E414D6342125F8ECC543F655143824333F8FA2835E9D68C711594AA89DE1E588E0658DA3E5C567E67817782D02EDDB6D938C3C9750E165ABC07C86CEA251EEDB4D7362B7B938576C45CD2CD448C5B04D029693C18C9C048D46A22AF7F2DDB050EF8C0EEA51845288357394EA2A144410739590E884139E028B2FA6EE51575DEDD3B0A989622883D6144513E270215907952503C13477B2AD3EBAD15088804D4E47963638A691BA06EFB6F102E4AB5A1755141B5995F6E1CA4F92678CE6907BA3DAA817E9DC26EBDB9B6C5EE4D86353396A67ED10AAAD72A7F2B685E83DB005AEE40213E94A3DAFB0ADC266781FED77FAC955F599F7AE4E27245BADFC61822EC781F556D5B122407003C801008F63987E32C88F7C0600843F9DE84737AD985E5A8D8AEE9F61157E9BBA3E839386D1B1F72262FC95611BC479E27D1DD6FDF720E5AAF6D10C25CBEE45B69CAD1D623ADEB1DEF5E2941AEEE5F438E75BF0361EA07C40AA56B5D06C38189E8D1E5A86916087EF0ACBFC475BE2E4262E166E3AF835C6F746B50B3B13A6CD5D6E59DF5C401DEBA0DBA326FEB8D78D7986430D74EA53FE3FA012CCBFD1AB3723D247934FA31CE483D73CBDDDD088C9C5DF3E5C53CB9575C8C16D10BA2A59BAE101B5304E0D0B0969A4CC418660D8095D5AC3C1C666BC8C0B67AFC0119567CE51F3D344CB41BA086E196B859B1A544CDBC8F77545FAAABA4004A39A2800337FEC58B6B2427920A26BBE98324824A8AB9B35DF85C9BA650E65BBF8316BC83C6DF29457B32BE1D32D815734C2B51927CEC0DCE6D14FCC19233E6943E8C844A5CDE7BA9050869C1312955603081706C5F4AEADDA"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Heure de fin: 2011-04-01 15:34:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-04-01 14:34
.
Avant-CF: 46 774 132 736 octets libres
Après-CF: 46 830 247 936 octets libres
.
- - End Of File - - 10372E89FA3160C22F04AF3FEFB799CA
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
Retente TDSSKiller
Messages postés
72
Date d'inscription
vendredi 1 avril 2011
Statut
Membre
Dernière intervention
5 novembre 2014
1
cool là il a bien voulu marcher !

le rapport de TDSSKiller :

2011/04/01 16:27:09.0468 3660 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/01 16:27:09.0500 3660 ================================================================================
2011/04/01 16:27:09.0500 3660 SystemInfo:
2011/04/01 16:27:09.0500 3660
2011/04/01 16:27:09.0500 3660 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/01 16:27:09.0500 3660 Product type: Workstation
2011/04/01 16:27:09.0500 3660 ComputerName: SAMSUNG
2011/04/01 16:27:09.0500 3660 UserName: Tony Bazin
2011/04/01 16:27:09.0500 3660 Windows directory: C:\WINDOWS
2011/04/01 16:27:09.0500 3660 System windows directory: C:\WINDOWS
2011/04/01 16:27:09.0500 3660 Processor architecture: Intel x86
2011/04/01 16:27:09.0500 3660 Number of processors: 2
2011/04/01 16:27:09.0500 3660 Page size: 0x1000
2011/04/01 16:27:09.0500 3660 Boot type: Normal boot
2011/04/01 16:27:09.0500 3660 ================================================================================
2011/04/01 16:27:09.0843 3660 Initialize success
2011/04/01 16:27:56.0140 3908 ================================================================================
2011/04/01 16:27:56.0140 3908 Scan started
2011/04/01 16:27:56.0140 3908 Mode: Manual;
2011/04/01 16:27:56.0140 3908 ================================================================================
2011/04/01 16:27:56.0625 3908 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/01 16:27:56.0718 3908 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/01 16:27:56.0765 3908 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/01 16:27:56.0843 3908 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/01 16:27:56.0906 3908 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/01 16:27:57.0187 3908 AR5416 (6eacc829e76b1efdface633619a3db31) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/04/01 16:27:57.0328 3908 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/04/01 16:27:57.0343 3908 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/01 16:27:57.0390 3908 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/01 16:27:57.0437 3908 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/04/01 16:27:57.0468 3908 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/04/01 16:27:57.0500 3908 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/01 16:27:57.0546 3908 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/01 16:27:57.0609 3908 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/01 16:27:57.0671 3908 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/01 16:27:57.0734 3908 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/01 16:27:57.0796 3908 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/01 16:27:57.0968 3908 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/01 16:27:58.0000 3908 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/01 16:27:58.0062 3908 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/01 16:27:58.0093 3908 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/01 16:27:58.0140 3908 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/01 16:27:58.0234 3908 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/01 16:27:58.0281 3908 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/01 16:27:58.0421 3908 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/01 16:27:58.0500 3908 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/01 16:27:58.0562 3908 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/01 16:27:58.0609 3908 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/01 16:27:58.0656 3908 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/01 16:27:58.0703 3908 DNSeFilter (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys
2011/04/01 16:27:58.0750 3908 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS
2011/04/01 16:27:58.0812 3908 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/01 16:27:58.0953 3908 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/01 16:27:58.0984 3908 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/01 16:27:59.0031 3908 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/01 16:27:59.0078 3908 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/01 16:27:59.0125 3908 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/01 16:27:59.0171 3908 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/01 16:27:59.0218 3908 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/01 16:27:59.0250 3908 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/01 16:27:59.0296 3908 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/01 16:27:59.0359 3908 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/01 16:27:59.0453 3908 hspabus (54bfa8f9e08aaeaa0d1d19a704bf7aaf) C:\WINDOWS\system32\DRIVERS\hspabus.sys
2011/04/01 16:27:59.0484 3908 hspamdfl (b7c4e2ee7bc688c13a8d47f59f59b23c) C:\WINDOWS\system32\DRIVERS\hspamdfl.sys
2011/04/01 16:27:59.0515 3908 hspamdm (7ff9f5651e776386dd719fef4bf3038c) C:\WINDOWS\system32\DRIVERS\hspamdm.sys
2011/04/01 16:27:59.0546 3908 hspaserd (5d6b358d35f36f1b941f6c08eb9c3472) C:\WINDOWS\system32\DRIVERS\hspaserd.sys
2011/04/01 16:27:59.0609 3908 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/01 16:27:59.0703 3908 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/01 16:27:59.0890 3908 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/04/01 16:28:00.0109 3908 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/01 16:28:00.0343 3908 IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/01 16:28:00.0468 3908 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/01 16:28:00.0500 3908 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/01 16:28:00.0531 3908 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/01 16:28:00.0546 3908 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/01 16:28:00.0593 3908 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/01 16:28:00.0625 3908 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/01 16:28:00.0671 3908 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/01 16:28:00.0718 3908 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/01 16:28:00.0765 3908 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/01 16:28:00.0796 3908 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/01 16:28:00.0843 3908 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/01 16:28:00.0937 3908 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/01 16:28:01.0000 3908 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/01 16:28:01.0015 3908 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/01 16:28:01.0062 3908 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/01 16:28:01.0078 3908 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/01 16:28:01.0140 3908 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/01 16:28:01.0203 3908 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/01 16:28:01.0281 3908 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/01 16:28:01.0312 3908 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/01 16:28:01.0343 3908 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/01 16:28:01.0375 3908 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/01 16:28:01.0406 3908 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/01 16:28:01.0453 3908 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/01 16:28:01.0468 3908 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/01 16:28:01.0515 3908 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/01 16:28:01.0593 3908 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/01 16:28:01.0625 3908 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/01 16:28:01.0671 3908 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/01 16:28:01.0687 3908 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/01 16:28:01.0718 3908 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/01 16:28:01.0750 3908 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/01 16:28:01.0781 3908 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/01 16:28:01.0828 3908 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/01 16:28:01.0890 3908 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/01 16:28:01.0937 3908 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/01 16:28:02.0015 3908 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/01 16:28:02.0046 3908 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/01 16:28:02.0062 3908 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/01 16:28:02.0140 3908 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
2011/04/01 16:28:02.0187 3908 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/01 16:28:02.0218 3908 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/01 16:28:02.0250 3908 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/01 16:28:02.0296 3908 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/01 16:28:02.0359 3908 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/01 16:28:02.0578 3908 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/01 16:28:02.0609 3908 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/01 16:28:02.0640 3908 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/01 16:28:02.0687 3908 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/01 16:28:02.0828 3908 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/01 16:28:02.0859 3908 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/01 16:28:02.0906 3908 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/01 16:28:02.0921 3908 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/01 16:28:02.0968 3908 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/01 16:28:03.0031 3908 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/01 16:28:03.0078 3908 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/01 16:28:03.0140 3908 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/01 16:28:03.0234 3908 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/01 16:28:03.0281 3908 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
2011/04/01 16:28:03.0328 3908 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/01 16:28:03.0421 3908 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/01 16:28:03.0484 3908 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/04/01 16:28:03.0578 3908 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/01 16:28:03.0656 3908 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/01 16:28:03.0656 3908 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/01 16:28:03.0671 3908 sptd - detected Locked file (1)
2011/04/01 16:28:03.0718 3908 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/01 16:28:03.0765 3908 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/01 16:28:03.0828 3908 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/01 16:28:03.0890 3908 SUEPD (c0137b5947ae3d3fc1c17ba6fdfb3dad) C:\WINDOWS\system32\DRIVERS\SUE_PD.sys
2011/04/01 16:28:03.0937 3908 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/01 16:28:03.0968 3908 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/01 16:28:04.0140 3908 SynTP (ea447f6db6115e8a32352f9faffa824d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/01 16:28:04.0203 3908 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/01 16:28:04.0296 3908 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/01 16:28:04.0343 3908 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/01 16:28:04.0375 3908 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/01 16:28:04.0421 3908 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/01 16:28:04.0531 3908 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/01 16:28:04.0625 3908 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/01 16:28:04.0687 3908 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/01 16:28:04.0734 3908 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/01 16:28:04.0781 3908 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/01 16:28:04.0843 3908 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/01 16:28:04.0906 3908 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/01 16:28:04.0937 3908 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/01 16:28:05.0000 3908 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/04/01 16:28:05.0062 3908 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/01 16:28:05.0140 3908 VMC326 (4f101e48d060e318752fbc458a4b49f0) C:\WINDOWS\system32\Drivers\VMC326.sys
2011/04/01 16:28:05.0250 3908 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/01 16:28:05.0359 3908 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/01 16:28:05.0437 3908 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/01 16:28:05.0593 3908 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/01 16:28:05.0656 3908 yukonwxp (849494d3f85a45231744ca7470246c71) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/04/01 16:28:06.0046 3908 ================================================================================
2011/04/01 16:28:06.0046 3908 Scan finished
2011/04/01 16:28:06.0046 3908 ================================================================================
2011/04/01 16:28:06.0062 3888 Detected object count: 1
2011/04/01 16:28:21.0171 3888 Locked file(sptd) - User select action: Skip
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
ça avance

Télécharger sur le bureau Malwarebyte's Anti-Malware

= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Ne pas décocher "Faire la mise à jour"
= si la mise à jour a échoué, la faire après execution du logiciel => onglet "Mise à jour"
= Quand le programme lancé ==> cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan ( 1h environ), si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection

un rapport s'ouvre le copier et le coller dans la réponse
j'ai déjà une très bonne nouvelle pour moi j'ai de nouveau accès à internet depuis mon pc !! donc un grand merci à toi !! c'est vraiment génial !!

Malwarebytes vient de finir voici son rapport :


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6239

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

01/04/2011 19:23:00
mbam-log-2011-04-01 (19-23-00).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 200173
Temps écoulé: 23 minute(s), 6 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
oui, combofix à fait du ménage.
Refait un ZHPDiag et dit moi si tu as encore des soucis
desole de rep que maintenant mais je travaille le WE

j'ai pu lancer WHPDiag et voici son rapport :
http://www.cijoint.fr/cjlink.php?file=cj201104/cijekvrHi0.txt

malheureusement oui j'ai tjs des pbs, je ne peut plus de nouveau acceder a internet mozilla m'envoie un rapport de plantage !

sinon par quand je fais démarrer accesoires-outils systeme si je clique sur restauration systeme j'ai un message qui me dit :

C:\WINDOWS\system32\Restore\rstrui.exe
Windows ne parvient pas à acceder au peripherique, au chemin d'acces ou au fichier specifie. Vous ne disposew peut etre pas des autorisations appropriees pour avoir acces à l'element.

j'ai le meme probleme avec le controle du volume, la calculatrice ou paint etc ...

merci
tony
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
Télécharger sur le bureau
Gmer
= Clic sur ==> GMER Application: Gmer.zip
= Clic-droit sur l'archive Gmer
= Extraire ici ( ou extraire sans confirmation ou tout ou unzip)
= Double-clic sur Gmer qui vient de se créer
= Une fenêtre s'ouvre, clic Scan
Patienter jusqu'à la fin du scan
= Clic Save
= Choisir => bureau => nommer : rapport
voici le lien du rapport gmer :

http://www.cijoint.fr/cjlink.php?file=cj201104/cijlG1TEXi.rtf

merci
Tony
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
Tu veux pas le mettre au format txt pluôt?
si bien sûr !


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-03 21:03:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\DOCUME~1\TONYBA~1\LOCALS~1\Temp\pxddypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9F959CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9FEAA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9FB5AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9F97EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9F97F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9F9801A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9FB54A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9F97E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9F97F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9F97E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9F97FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9F959EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9FB61BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9FB6471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9F9829E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9FB6026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9FB5E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9FEAB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9F957B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9F95A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9F98412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9F964AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9F97EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9F97F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9F98044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9FB5805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9F97E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9F980D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9F97F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9F97E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9F981BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9F97FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9FEABB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9FB5D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9F96370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9FB5B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9FF2E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9FB4B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9F95A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9F95A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9F95812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9F9594E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9FB62C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9F9592A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9F95972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9F95A7E]

INT 0x62 ? 863D7BF8
INT 0x63 ? 861FBBF8
INT 0x73 ? 861FBBF8
INT 0x94 ? 861FBBF8
INT 0xB4 ? 861FBBF8

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL A9F96E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? speg.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F6BCE8AC 5 Bytes JMP 861FB1D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000D006C
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0030006C
? C:\WINDOWS\System32\smss.exe[508] time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[560] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\WINDOWS\system32\csrss.exe[560] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\csrss.exe[560] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\csrss.exe[560] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\csrss.exe[560] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
? C:\WINDOWS\system32\winlogon.exe[584] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll
.text C:\WINDOWS\system32\winlogon.exe[584] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\winlogon.exe[584] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\winlogon.exe[584] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\winlogon.exe[584] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\services.exe[628] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\svchost.exe[804] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\svchost.exe[852] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\System32\svchost.exe[932] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpOpenRequestA 77AB2B11 5 Bytes JMP 2004EB92
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetCloseHandle 77AB4DA4 5 Bytes JMP 2004E132
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetOpenUrlA 77AB5A72 5 Bytes JMP 2004EBEC
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpSendRequestA 77AB60B9 5 Bytes JMP 2004E09E
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetReadFile 77AB8302 5 Bytes JMP 2004EAD7
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpSendRequestExW 77ABEA11 5 Bytes JMP 2004E012
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpOpenRequestW 77ABF45A 5 Bytes JMP 2004EBBF
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 2004EC13
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetQueryDataAvailable 77AC8A77 5 Bytes JMP 2004E7B8
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetReadFileExW 77AE8679 5 Bytes JMP 2004E9BC
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetWriteFile 77AE8E39 5 Bytes JMP 2004E105
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetReadFileExA 77AE9380 2 Bytes JMP 2004E915
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetReadFileExA + 3 77AE9383 2 Bytes [56, A8]
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpSendRequestW 77B03254 5 Bytes JMP 2004E0D3
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpSendRequestExA 77B03359 5 Bytes JMP 2004E058
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0019006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2001D423
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2001D74D
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2001DA66
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!send 719F4C27 5 Bytes JMP 2001D3D5
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2001D8AA
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!recv 719F676F 5 Bytes JMP 2001D6DE
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2001D7C2
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2001D985
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2001D833
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003D01D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003D00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003D0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003D015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003D0198
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003D0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003D006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003D00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003E00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003E0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003E00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003E0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003E006C
? C:\WINDOWS\system32\svchost.exe[1000] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\svchost.exe[1064] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1256] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
? C:\WINDOWS\system32\svchost.exe[1352] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000D006C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000C006C
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003001D4
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0030015C
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00300198
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0031006C
? C:\WINDOWS\Explorer.EXE[1504] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0120
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C015C
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0198
.text C:\WINDOWS\Explorer.E
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
il manque un bout, heberge le, mais dans un .txt (bloc note)
j'avoue que je comprend pas ce que tu dit par heberge le, donc j'ai refait un copié collé ! dsl !
Tony

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-03 21:03:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\DOCUME~1\TONYBA~1\LOCALS~1\Temp\pxddypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9F959CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9FEAA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9FB5AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9F97EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9F97F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9F9801A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9FB54A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9F97E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9F97F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9F97E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9F97FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9F959EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9FB61BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9FB6471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9F9829E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9FB6026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9FB5E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9FEAB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9F957B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9F95A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9F98412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9F964AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9F97EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9F97F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9F98044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9FB5805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9F97E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9F980D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9F97F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9F97E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9F981BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9F97FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9FEABB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9FB5D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9F96370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9FB5B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9FF2E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9FB4B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9F95A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9F95A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9F95812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9F9594E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9FB62C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9F9592A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9F95972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9F95A7E]

INT 0x62 ? 863D7BF8
INT 0x63 ? 861FBBF8
INT 0x73 ? 861FBBF8
INT 0x94 ? 861FBBF8
INT 0xB4 ? 861FBBF8

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL A9F96E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? speg.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F6BCE8AC 5 Bytes JMP 861FB1D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\spoolsv.exe[440] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000D006C
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\spoolsv.exe[440] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\spoolsv.exe[440] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0030006C
? C:\WINDOWS\System32\smss.exe[508] time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[560] time/date stamp mismatch; unknown module: CSRSRV.dll
.text C:\WINDOWS\system32\csrss.exe[560] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\csrss.exe[560] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\csrss.exe[560] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\csrss.exe[560] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
? C:\WINDOWS\system32\winlogon.exe[584] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll
.text C:\WINDOWS\system32\winlogon.exe[584] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\winlogon.exe[584] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\winlogon.exe[584] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\winlogon.exe[584] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[584] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\winlogon.exe[584] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\services.exe[628] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\services.exe[628] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[640] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\svchost.exe[804] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[804] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[804] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\svchost.exe[852] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[852] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\System32\svchost.exe[932] time/date stamp mismatch;
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\System32\svchost.exe[932] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpOpenRequestA 77AB2B11 5 Bytes JMP 2004EB92
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetCloseHandle 77AB4DA4 5 Bytes JMP 2004E132
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetOpenUrlA 77AB5A72 5 Bytes JMP 2004EBEC
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpSendRequestA 77AB60B9 5 Bytes JMP 2004E09E
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetReadFile 77AB8302 5 Bytes JMP 2004EAD7
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpSendRequestExW 77ABEA11 5 Bytes JMP 2004E012
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpOpenRequestW 77ABF45A 5 Bytes JMP 2004EBBF
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 2004EC13
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetQueryDataAvailable 77AC8A77 5 Bytes JMP 2004E7B8
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetReadFileExW 77AE8679 5 Bytes JMP 2004E9BC
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetWriteFile 77AE8E39 5 Bytes JMP 2004E105
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetReadFileExA 77AE9380 2 Bytes JMP 2004E915
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!InternetReadFileExA + 3 77AE9383 2 Bytes [56, A8]
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpSendRequestW 77B03254 5 Bytes JMP 2004E0D3
.text C:\WINDOWS\System32\svchost.exe[932] WININET.dll!HttpSendRequestExA 77B03359 5 Bytes JMP 2004E058
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0019006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2001D423
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2001D74D
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2001DA66
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!send 719F4C27 5 Bytes JMP 2001D3D5
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2001D8AA
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!recv 719F676F 5 Bytes JMP 2001D6DE
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2001D7C2
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2001D985
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2001D833
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003D01D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003D00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003D0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003D015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003D0198
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003D0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003D006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003D00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2001C9AD
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003E00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003E0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003E00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003E0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003E006C
? C:\WINDOWS\system32\svchost.exe[1000] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
? C:\WINDOWS\system32\svchost.exe[1064] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2004C9AD
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!sendto 719F2F51 5 Bytes JMP 2004D423
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!recvfrom 719F2FF7 5 Bytes JMP 2004D74D
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 2004DA66
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!send 719F4C27 5 Bytes JMP 2004D3D5
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 2004D8AA
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!recv 719F676F 5 Bytes JMP 2004D6DE
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 2004D7C2
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!WSARecvFrom 719FF66A 5 Bytes JMP 2004D985
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!WSASendTo 71A00AAD 5 Bytes JMP 2004D833
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1256] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
? C:\WINDOWS\system32\svchost.exe[1352] time/date stamp mismatch;
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000D006C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2001FF3F
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20017A40
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2001FDBB
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000C006C
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003001D4
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0030015C
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00300198
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\wdfmgr.exe[1440] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!TranslateMessage 7E398BF6 5 Bytes JMP 2001C9AD
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\wdfmgr.exe[1440] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0031006C
? C:\WINDOWS\Explorer.EXE[1504] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: BROWSEUI.dllunknown module: OLEAUT32.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll
.text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!NtQueryDirectoryFile 7C91D76E 5 Bytes JMP 2004FF3F
.text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!NtResumeThread 7C91DB3E 5 Bytes JMP 20047A40
.text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 2004FDBB
.text C:\WINDOWS\Explorer.EXE[1504] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0120
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C015C
.text C:\WINDOWS\Explorer.EXE[1504] ADVAPI32.dll!ChangeServiceConfig2W
ok ca va pas en fait !!
j'ai tapé sur internet héberger un fichier et je suis tomber sur trokus !
voici le lien !

http://www.trokus.fr/files/get/92o7hwLjy5/rapport.log

merci Tony
Messages postés
7493
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 décembre 2020
564
ya trop de pubs, le flemme d'attendre
mets le ici plutôt : http://pjjoint.malekal.com/