Trojan horse

Solved/Closed
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last seen 19 November 2014 - 5 April 2011 at 16:50
Anonymous user - 14 April 2011 at 16:23
Hello,

After scanning my PC with my antivirus (AVG Internet Security), it detects a Trojan horse in 3 files that it cannot delete because the objects are inaccessible.

Trojan horse: Agent_r.XJ in files:
- C:\ windows\system32\svchost.exe (1980):\memory_001a0000
- C:\ windows\system32\wuauclt.exe (2952):\memory_002c0000
- C:\ windows\explorer.exe (1360):\memory_001a0000

I hope I have provided enough information; thanks in advance for your help.



77 replies

lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last seen 19 November 2014
7 April 2011 at 14:26
ComboFix 11-04-06.02 - Foot 07/04/2011 14:07:38.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.518 [GMT 2:00]
Lancé depuis: c:\documents and settings\Foot\Bureau\laurent.exe
Commutateurs utilisés :: c:\documents and settings\Foot\Bureau\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\1st_Quarantine_L_K
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCall.dll
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla.dll
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla17.dll
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla18.exe
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla19.dll
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla2.dll
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla20.dll
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla21.dll
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla21.exe
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseData.ini
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SJYPKT
-------\Service_SjyPkt
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-07 au 2011-04-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-07 04:40 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-07 04:39 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-07 04:39 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-07 04:39 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-07 04:39 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-07 04:39 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-07 04:39 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-07 04:39 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-07 04:39 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-07 04:39 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-07 04:39 . 2011-04-07 04:39 -------- d-----w- c:\program files\AVAST Software
2011-04-07 04:39 . 2011-04-07 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-06 11:42 . 2011-04-06 11:42 -------- d-----w- c:\program files\Ad-Remover
2011-04-04 19:17 . 2011-04-04 19:17 -------- d-----w- C:\$AVG
2011-04-04 18:39 . 2011-04-04 18:39 -------- d-----w- c:\documents and settings\Foot\Application Data\AVG10
2011-04-04 18:38 . 2011-04-04 18:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-04-04 18:34 . 2011-04-07 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-04 18:32 . 2011-04-04 18:32 -------- d-----w- c:\program files\AVG
2011-04-04 18:24 . 2011-04-04 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-04 17:53 . 2010-11-23 15:25 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-04-04 17:53 . 2010-11-23 15:21 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-04 17:52 . 2011-04-04 17:52 -------- d-----w- c:\documents and settings\Foot\Application Data\TuneUp Software
2011-04-04 17:52 . 2011-04-04 17:53 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-04-04 17:52 . 2011-04-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-04-04 17:35 . 2011-04-04 17:35 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-04 17:03 . 2011-04-04 17:03 -------- d-----w- c:\program files\Enigma Software Group
2011-04-04 16:38 . 2011-04-04 16:38 -------- d-----w- c:\documents and settings\andrea et lorenzo\Local Settings\Application Data\KalityWeb
2011-04-04 02:21 . 2011-04-04 02:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-02 08:44 . 2011-04-02 08:44 -------- d-----w- c:\documents and settings\NetworkService\Bureau
2011-04-01 13:32 . 2011-04-01 13:32 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-03-31 19:08 . 2011-03-31 19:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-31 15:59 . 2011-03-31 15:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-23 17:09 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 17:09 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-19 13:04 . 2011-03-23 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-03-18 14:34 . 2011-03-18 14:34 -------- d-----w- c:\program files\Winamax Poker
2011-03-17 17:05 . 2011-03-17 17:06 -------- d-----w- c:\documents and settings\Foot\Local Settings\Application Data\FullTiltPoker.fr
2011-03-17 17:04 . 2011-03-18 20:00 -------- d-----w- c:\program files\Full Tilt Poker.Fr
2011-03-16 22:22 . 2011-03-16 22:22 -------- d-----w- c:\program files\WebAdSystem
2011-03-16 22:22 . 2011-03-16 22:22 -------- d-----w- c:\documents and settings\Foot\Local Settings\Application Data\KalityWeb
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-10 20:47 . 2011-03-10 20:55 -------- d-----w- c:\windows\system32\NtmsData
2011-03-10 11:44 . 2011-03-10 11:44 -------- d-----w- c:\program files\iPod
2011-03-10 11:44 . 2011-03-10 11:45 -------- d-----w- c:\program files\iTunes
2011-03-10 11:31 . 2011-03-10 11:31 -------- d-----w- c:\program files\Bonjour
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 15:36 . 2009-11-20 16:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2009-11-20 16:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:54 . 2004-08-05 05:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 05:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 05:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 05:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 05:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 05:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC8FCB46-9F27-476E-B26A-93989316D2FB}]
2011-03-13 21:40 90624 ----a-w- c:\program files\WebAdSystem\BrowserExtensions\internetexplorer\WebAdSystemBho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-21 1192336]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-21 1966128]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Seagate\Schedule2\schedhlp.exe" [2007-08-20 148760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-27 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-27 137752]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"CTCheck"="c:\program files\ComPlus Applications\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
"WebAdSystem"=c:\program files\WebAdSystem\WebAdSystem.exe
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/04/2011 06:39 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/04/2011 06:39 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2011 06:40 19544]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [23/11/2010 17:23 1483072]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [20/10/2009 15:39 194304]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [19/11/2009 23:19 13532]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 12:34 10064]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2010 19:58 136176]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ASWSNX
*NewlyCreated* - SJYPKT
*Deregistered* - uphcleanhlp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
.
2011-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 17:58]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 17:58]
.
2011-04-07 c:\windows\Tasks\User_Feed_Synchronization-{23D50707-F413-4485-BDF2-A648EBA7D2B0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: everestpoker.com
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
TCP: {CA495168-0DDD-444B-938F-B1585933031D} = 192.168.1.1
TCP: {CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7} = 194.2.0.20,194.2.0.50
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100811034846
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://www.bobtv.fr/download/v2/cfweb_www.bobtv.fr-download-v2_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 14:18
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|ÿÿÿÿ¤*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(1460)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2504)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\KMPJLMN.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2011-04-07 14:24:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-04-07 12:24
ComboFix2.txt 2011-04-07 04:34
.
Avant-CF: 26 961 068 032 octets libres
Après-CF: 27 001 933 824 octets libres
.
- - End Of File - - F10B7ADE7E1AE892EA107C86C42CD7B2
0
Anonymous user
7 April 2011 at 14:49

__________________________________________________
=>/!\ The following script was written specifically for this computer /!\ <=
=> It is strongly discouraged to transfer it to another computer! <=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

Rootkit::
c:\windows\system32\drivers\SjyPkt.sys

Driver::
SJYPKT
uphcleanhlp

------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file

▶ Wait for the scan to finish. The Desktop will disappear several times: that is normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt


0
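A check a practitioner would want at the "post its contents" step: once the follow-up report comes back, confirm that the driver the CFScript targeted is actually gone rather than trusting the `-------\Legacy_...` removal line alone. The block below is an added example, not code from this thread or from ComboFix. It parses the driver/service lines and the `*NewlyCreated*` / `*Deregistered*` markers of a ComboFix report in the format quoted in this thread, reads the `Driver::` section of the CFScript, and lists which targets are still registered. The sample script and report are constructed from the lines posted here; in the poster's second report SjyPkt is still listed as `R3` and marked `*NewlyCreated*`, so the check reports it as still present.

```python
"""Check whether the drivers a ComboFix CFScript targets are actually gone.

Added example for this thread (not the poster's nor ComboFix's own code).
It parses the driver/service lines and the *NewlyCreated* / *Deregistered*
markers of a ComboFix report, reads the Driver:: section of a CFScript, and
reports which targeted services are still registered afterwards. The sample
script and report below are constructed from the lines quoted in the thread.
"""
import re
from dataclasses import dataclass

# One ComboFix driver/service line, e.g.
#   R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [19/11/2009 23:19 13532]
# start = R (running) or S (stopped) followed by the start-type digit
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
MARKER_RE = re.compile(r"^\*(?P<kind>NewlyCreated|Deregistered)\*\s+-\s+(?P<name>\S+)\s*$")
LEGACY_RE = re.compile(r"^-------\\Legacy_(?P<name>\S+)\s*$")


@dataclass
class Driver:
    start: str
    name: str
    display: str
    path: str
    stamp: str
    newly_created: bool = False


def parse_report(text):
    """Return drivers keyed by lower-cased service name plus the marker sets."""
    drivers, newly, dereg, legacy = {}, set(), set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVER_RE.match(line):
            d = Driver(**m.groupdict())
            drivers[d.name.lower()] = d
        elif m := MARKER_RE.match(line):
            (newly if m["kind"] == "NewlyCreated" else dereg).add(m["name"].lower())
        elif m := LEGACY_RE.match(line):
            legacy.add(m["name"].lower())
    for n in newly.intersection(drivers):
        drivers[n].newly_created = True
    return {"drivers": drivers, "newly_created": newly,
            "deregistered": dereg, "legacy_removed": legacy}


def parse_cfscript_targets(script):
    """Service names listed under the Driver:: section of a CFScript."""
    targets, in_driver = set(), False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):          # section header such as Driver:: or Rootkit::
            in_driver = line == "Driver::"
        elif in_driver and line:
            targets.add(line.lower())
    return targets


def verify_removal(targets, report_after):
    """Compare the CFScript targets with the report produced after running it."""
    parsed = parse_report(report_after)
    return {
        "still_present": sorted(t for t in targets if t in parsed["drivers"]),
        "gone": sorted(t for t in targets if t not in parsed["drivers"]),
        "legacy_removed": sorted(targets & parsed["legacy_removed"]),
        "newly_created": sorted(targets & parsed["newly_created"]),
    }


# Constructed sample input, built from the lines quoted in the thread.
CFSCRIPT = r"""KillAll::

Rootkit::
c:\windows\system32\drivers\SjyPkt.sys

Driver::
SJYPKT
uphcleanhlp
"""

REPORT_AFTER = r"""
-------\Legacy_SJYPKT
-------\Legacy_UPHCLEANHLP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/04/2011 06:39 371544]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [19/11/2009 23:19 13532]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2010 19:58 136176]
.
*NewlyCreated* - SJYPKT
*NewlyCreated* - UPHCLEANHLP
*Deregistered* - uphcleanhlp
"""

if __name__ == "__main__":
    result = verify_removal(parse_cfscript_targets(CFSCRIPT), REPORT_AFTER)
    for key, names in result.items():
        print(f"{key:15s} {', '.join(names) or '-'}")
```

A target that shows up under `legacy_removed` and at the same time under `still_present` and `newly_created` means the Legacy key was deleted but the service re-registered and the driver is running again, which is exactly what the second report in this thread shows for SjyPkt; that is the signal to go back to the helper rather than assume the cleanup worked.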
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last seen 19 November 2014
7 April 2011 at 15:47
ComboFix 11-04-06.02 - Foot 07/04/2011 15:25:46.3.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.476 [GMT 2:00]
Lancé depuis: c:\documents and settings\Foot\Bureau\laurent.exe
Commutateurs utilisés :: c:\documents and settings\Foot\Bureau\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SJYPKT
-------\Legacy_UPHCLEANHLP
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-03-07 au 2011-04-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-07 04:40 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-07 04:39 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-07 04:39 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-07 04:39 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-07 04:39 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-07 04:39 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-07 04:39 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-07 04:39 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-07 04:39 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-07 04:39 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-07 04:39 . 2011-04-07 04:39 -------- d-----w- c:\program files\AVAST Software
2011-04-07 04:39 . 2011-04-07 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-06 11:42 . 2011-04-06 11:42 -------- d-----w- c:\program files\Ad-Remover
2011-04-04 19:17 . 2011-04-04 19:17 -------- d-----w- C:\$AVG
2011-04-04 18:39 . 2011-04-04 18:39 -------- d-----w- c:\documents and settings\Foot\Application Data\AVG10
2011-04-04 18:38 . 2011-04-04 18:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-04-04 18:34 . 2011-04-07 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-04 18:32 . 2011-04-04 18:32 -------- d-----w- c:\program files\AVG
2011-04-04 18:24 . 2011-04-04 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-04 17:53 . 2010-11-23 15:25 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-04-04 17:53 . 2010-11-23 15:21 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-04 17:52 . 2011-04-04 17:52 -------- d-----w- c:\documents and settings\Foot\Application Data\TuneUp Software
2011-04-04 17:52 . 2011-04-04 17:53 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-04-04 17:52 . 2011-04-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-04-04 17:35 . 2011-04-04 17:35 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-04 17:03 . 2011-04-04 17:03 -------- d-----w- c:\program files\Enigma Software Group
2011-04-04 16:38 . 2011-04-04 16:38 -------- d-----w- c:\documents and settings\andrea et lorenzo\Local Settings\Application Data\KalityWeb
2011-04-04 02:21 . 2011-04-04 02:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-02 08:44 . 2011-04-02 08:44 -------- d-----w- c:\documents and settings\NetworkService\Bureau
2011-04-01 13:32 . 2011-04-01 13:32 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-03-31 19:08 . 2011-03-31 19:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-31 15:59 . 2011-03-31 15:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-23 17:09 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 17:09 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-19 13:04 . 2011-03-23 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-03-18 14:34 . 2011-03-18 14:34 -------- d-----w- c:\program files\Winamax Poker
2011-03-17 17:05 . 2011-03-17 17:06 -------- d-----w- c:\documents and settings\Foot\Local Settings\Application Data\FullTiltPoker.fr
2011-03-17 17:04 . 2011-03-18 20:00 -------- d-----w- c:\program files\Full Tilt Poker.Fr
2011-03-16 22:22 . 2011-03-16 22:22 -------- d-----w- c:\program files\WebAdSystem
2011-03-16 22:22 . 2011-03-16 22:22 -------- d-----w- c:\documents and settings\Foot\Local Settings\Application Data\KalityWeb
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-10 20:47 . 2011-03-10 20:55 -------- d-----w- c:\windows\system32\NtmsData
2011-03-10 11:44 . 2011-03-10 11:44 -------- d-----w- c:\program files\iPod
2011-03-10 11:44 . 2011-03-10 11:45 -------- d-----w- c:\program files\iTunes
2011-03-10 11:31 . 2011-03-10 11:31 -------- d-----w- c:\program files\Bonjour
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 15:36 . 2009-11-20 16:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2009-11-20 16:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:54 . 2004-08-05 05:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 05:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 05:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 05:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 05:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 05:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC8FCB46-9F27-476E-B26A-93989316D2FB}]
2011-03-13 21:40 90624 ----a-w- c:\program files\WebAdSystem\BrowserExtensions\internetexplorer\WebAdSystemBho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-21 1192336]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-21 1966128]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Seagate\Schedule2\schedhlp.exe" [2007-08-20 148760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-27 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-27 137752]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"CTCheck"="c:\program files\ComPlus Applications\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2009-11-19 737280]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
"WebAdSystem"=c:\program files\WebAdSystem\WebAdSystem.exe
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/04/2011 06:39 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/04/2011 06:39 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2011 06:40 19544]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [23/11/2010 17:23 1483072]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [20/10/2009 15:39 194304]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [19/11/2009 23:19 13532]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 12:34 10064]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2010 19:58 136176]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - SJYPKT
*NewlyCreated* - UPHCLEANHLP
*Deregistered* - uphcleanhlp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
.
2011-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 17:58]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 17:58]
.
2011-04-07 c:\windows\Tasks\User_Feed_Synchronization-{23D50707-F413-4485-BDF2-A648EBA7D2B0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: everestpoker.com
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
TCP: {CA495168-0DDD-444B-938F-B1585933031D} = 192.168.1.1
TCP: {CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7} = 194.2.0.20,194.2.0.50
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100811034846
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://www.bobtv.fr/download/v2/cfweb_www.bobtv.fr-download-v2_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 15:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|ÿÿÿÿ¤*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(1448)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6736)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\KMPJLMN.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2011-04-07 15:45:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-04-07 13:45
ComboFix2.txt 2011-04-07 12:24
ComboFix3.txt 2011-04-07 04:34
.
Avant-CF: 27 006 611 456 octets libres
Après-CF: 26 931 900 416 octets libres
.
- - End Of File - - 3C2750AAAAB975B712DBB2F20B2B20EE
0
Anonymous user
7 April 2011 at 17:58
Have the following file(s) analysed on VirusTotal:

Virus Total

* Paste the path of the files directly, one at a time, into the "Browse" box after each analysis:

c:\program files\WebAdSystem\BrowserExtensions\internetexplorer\WebAdSystemBho.dll

* Now click "Send file" and let it work as long as "Current status: being analysed" is displayed.
* The file may be put in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished, paste the link(s) to the page(s) in your next reply.
0

lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last seen 19 November 2014
7 April 2011 at 18:04
http://www.virustotal.com/file-scan/report.html?id=a8519bd0bbf4f232a43d2e258ea2bd6a1d1ba2a644027d4f81cd66ab968c0ea3-1302192180
0
Anonymous user
7 April 2011 at 18:58
▶ Download: Gmer (by Przemyslaw Gmerek) and save it to your desktop

Disable all your protections for the duration of the Gmer scan

For XP => double-click gmer.exe
For Vista and 7 => right-click "Run as..."

▶ Click the Rootkit tab and start the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the GMER report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the GMER report will appear; post it to me)
0
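The report GMER produces for the step above lists every kernel hook as `SSDT <driver> (<description>) <hooked function> [address]`, which is tedious to read by eye. As an added example, not part of this thread or of GMER, the following Python script parses that section, groups the hooks by the driver that owns them and flags drivers it cannot attribute to a known security product; the allow-list and the sample lines (modelled on the reports posted in this thread) are assumptions.

```python
"""Triage the "---- System ----" section of a GMER report: group kernel hooks
(SSDT entries and inline "Code" hooks) by the driver that owns them and flag
drivers that cannot be attributed to a known security product.

Added example for this thread, not GMER's own code. KNOWN_SECURITY_DRIVERS and
SAMPLE_GMER_LOG are constructed assumptions, modelled on the reports posted here."""
import re
from collections import defaultdict

# One hook line as GMER prints it, e.g.
#   SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! ... /AVAST Software) ZwOpenProcess [0xA9FE50D6]
#   SSDT \??\C:\windows\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA94DB6D0]
HOOK_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+"                    # hook kind
    r"(?P<module>\S+)"                            # driver path (no spaces in these reports)
    r"(?:\s+\((?P<desc>[^)]*)\))?"                # optional description GMER read from version info
    r"\s+(?P<func>\w+)"                           # hooked kernel export, e.g. ZwOpenProcess
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"   # optional hook target address
)

# Assumed allow-list: driver file name (lower-case) -> vendor. Only the avast!
# drivers attributed in this thread's reports are listed; extend it for your site.
KNOWN_SECURITY_DRIVERS = {
    "aswsnx.sys": "AVAST Software",
    "aswsp.sys": "AVAST Software",
}

# Constructed sample: a trimmed System section plus the start of the next section,
# so the parser has to stop at the section boundary.
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-08 13:19:22

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAA0024A9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAA037A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9FE50D6]
SSDT \??\C:\windows\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA94DB6D0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA04C8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP AA049D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
"""


def parse_hooks(report_text):
    """Return one dict per hook line found in the System section of the report."""
    hooks = []
    in_system = False
    for line in report_text.splitlines():
        if line.startswith("---- "):            # section header: enter or leave the System section
            in_system = line.startswith("---- System")
            continue
        if not in_system:
            continue
        m = HOOK_RE.match(line)
        if m is None:
            continue                            # blank line or a line we do not understand
        hook = m.groupdict()
        hook["file"] = hook["module"].rsplit("\\", 1)[-1].lower()
        hooks.append(hook)
    return hooks


def triage(hooks):
    """Group hooks by driver file and classify each driver.

    known-security-product : file name is on the allow-list
    described-unlisted     : GMER could read a description, but the driver is not on the list
    review                 : no description and not recognised; needs a file check by hand
    """
    grouped = defaultdict(lambda: {"desc": None, "funcs": []})
    for h in hooks:
        grouped[h["file"]]["funcs"].append(h["func"])
        if h["desc"]:
            grouped[h["file"]]["desc"] = h["desc"]
    report = {}
    for file_name, entry in grouped.items():
        if file_name in KNOWN_SECURITY_DRIVERS:
            status = "known-security-product"
        elif entry["desc"]:
            status = "described-unlisted"
        else:
            status = "review"
        report[file_name] = {
            "status": status,
            "vendor": KNOWN_SECURITY_DRIVERS.get(file_name) or entry["desc"],
            "count": len(entry["funcs"]),
            "funcs": sorted(set(entry["funcs"])),
        }
    return report


def summary_lines(report):
    """Human-readable lines, drivers needing attention first."""
    order = {"review": 0, "described-unlisted": 1, "known-security-product": 2}
    lines = []
    for file_name, e in sorted(report.items(), key=lambda kv: (order[kv[1]["status"]], kv[0])):
        lines.append(f"{e['status']:<22} {file_name:<20} {e['count']:>2} hook(s)  {', '.join(e['funcs'])}")
    return lines


if __name__ == "__main__":
    for text in summary_lines(triage(parse_hooks(SAMPLE_GMER_LOG))):
        print(text)
```

A "review" status only means the driver could not be attributed from the report itself, not that it is malicious: uphcleanhlp.sys, for instance, belongs to Microsoft's User Profile Hive Cleanup service (the UPHClean folder also appears in the ComboFix log above), so it needs a file check such as the VirusTotal step suggested earlier rather than an automatic verdict.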
lancome51 Posts 50 Registration date Thursday 3 September 2009 Status Member Last seen 19 November 2014
8 April 2011 at 13:20
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-08 13:19:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10 WDC_WD800JD-22MSA1 rev.10.01E01
Running: gmer (3).exe; Driver: C:\DOCUME~1\Foot\LOCALS~1\Temp\uwtyrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9FE29CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAA037A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAA002AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9FE4EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9FE4F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9FE501A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAA0024A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9FE4E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9FE4F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9FE4E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9FE4FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9FE29EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAA0031BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAA003471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9FE529E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA003026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA002E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAA037B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9FE27B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9FE2A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9FE5412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9FE34AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9FE4EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9FE4F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9FE5044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAA002805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9FE4E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9FE50D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9FE4F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9FE4E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9FE51BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9FE4FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAA037BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAA002D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9FE3370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAA002B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAA03FE26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAA001B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9FE2A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9FE2A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9FE2812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9FE294E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAA0032C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9FE292A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9FE2972]
SSDT \??\C:\windows\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA94DB6D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9FE2A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA04C8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A9FE3E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP AA04829E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP AA049D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP AA04C8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\windows\system32\Drivers\uphcleanhlp.sys Le fichier spécifié est introuvable. !
? C:\laurent\catchme.sys Le chemin d'accès spécifié est introuvable. !
? C:\windows\system32\Drivers\PROCEXP113.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A00A8
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A0030
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[208] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A006C
.text C:\windows\system32\svchost.exe[288] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[288] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\windows\system32\svchost.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\windows\system32\svchost.exe[288] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[288] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[288] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[288] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\windows\system32\svchost.exe[288] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\windows\system32\svchost.exe[288] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\windows\system32\svchost.exe[288] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\windows\system32\svchost.exe[288] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\windows\system32\svchost.exe[312] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[312] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[312] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\system32\svchost.exe[312] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[312] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[312] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\windows\system32\svchost.exe[312] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\windows\system32\svchost.exe[312] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[312] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[312] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[312] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\windows\system32\svchost.exe[312] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\windows\system32\svchost.exe[312] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\windows\system32\svchost.exe[312] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\windows\system32\svchost.exe[312] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 006D00E4
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 006D0120
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 006D00A8
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 006D0030
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 006D006C
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 006E01D4
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 006E00E4
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 006E0120
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 006E015C
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 006E0198
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 006E0030
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 006E006C
.text C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe[392] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 006E00A8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[452] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\windows\system32\CTsvcCDA.exe[472] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030
.text C:\windows\system32\CTsvcCDA.exe[472] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C
.text C:\windows\system32\CTsvcCDA.exe[472] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003800E4
.text C:\windows\system32\CTsvcCDA.exe[472] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00380120
.text C:\windows\system32\CTsvcCDA.exe[472] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003800A8
.text C:\windows\system32\CTsvcCDA.exe[472] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00380030
.text C:\windows\system32\CTsvcCDA.exe[472] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0038006C
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\windows\system32\CTsvcCDA.exe[472] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A00A8
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A0030
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A006C
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003B01D4
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003B00E4
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003B0120
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003B015C
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003B0198
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003B0030
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003B006C
.text C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[504] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003B00A8
.text C:\windows\System32\svchost.exe[520] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\System32\svchost.exe[520] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\windows\System32\svchost.exe[520] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\System32\svchost.exe[520] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\windows\System32\svchost.exe[520] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\windows\System32\svchost.exe[520] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\windows\System32\svchost.exe[520] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\windows\System32\svchost.exe[520] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\windows\System32\svchost.exe[520] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\windows\System32\svchost.exe[520] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\windows\System32\svchost.exe[520] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\windows\System32\svchost.exe[520] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\windows\System32\svchost.exe[520] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\windows\System32\svchost.exe[520] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\windows\System32\svchost.exe[520] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\windows\system32\svchost.exe[552] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\system32\svchost.exe[552] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\windows\system32\svchost.exe[552] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\windows\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\windows\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\windows\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\windows\system32\svchost.exe[552] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\windows\system32\svchost.exe[552] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\windows\system32\svchost.exe[552] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\windows\system32\svchost.exe[552] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\windows\system32\svchost.exe[552] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\windows\system32\svchost.exe[552] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\windows\system32\svchost.exe[552] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\windows\system32\svchost.exe[552] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\Program Files\UPHClean\uphclean.exe[632] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030
.text C:\Program Files\UPHClean\uphclean.exe[632] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 005A00E4
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 005A0120
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 005A00A8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 005A0030
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 005A006C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 005B01D4
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 005B00E4
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 005B0120
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 005B015C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 005B0198
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 005B0030
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 005B006C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[732] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 005B00A8
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 006E01D4
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 006E00E4
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 006E0120
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 006E015C
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 006E0198
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 006E0030
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 006E006C
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 006E00A8
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 006F00E4
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 006F0120
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 006F00A8
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 006F0030
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[952] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 006F006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A006C
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00140030
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0014006C
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003801D4
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003800E4
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380120
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0038015C
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380198
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00380030
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0038006C
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003800A8
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003900E4
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390120
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003900A8
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00390030
.text c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe[1044] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0039006C
.text C:\windows\system32\spoolsv.exe[1256] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\system32\spoolsv.exe[1256] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\windows\system32\spoolsv.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\system32\spoolsv.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\windows\system32\spoolsv.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\windows\system32\spoolsv.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\windows\system32\spoolsv.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\windows\system32\spoolsv.exe[1256] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\windows\system32\spoolsv.exe[1256] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\windows\system32\spoolsv.exe[1256] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\windows\system32\spoolsv.exe[1256] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\windows\system32\spoolsv.exe[1256] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\windows\system32\spoolsv.exe[1256] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\windows\system32\spoolsv.exe[1256] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\windows\system32\spoolsv.exe[1256] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003900E4
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390120
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 0039015C
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390198
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0039006C
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003900A8
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A00A8
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A0030
.text C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe[1328] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A006C
.text C:\windows\system32\winlogon.exe[1448] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00070030
.text C:\windows\system32\winlogon.exe[1448] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0007006C
.text C:\windows\system32\winlogon.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\system32\winlogon.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\windows\system32\winlogon.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\windows\system32\winlogon.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\windows\system32\winlogon.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\windows\system32\winlogon.exe[1448] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\windows\system32\winlogon.exe[1448] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\windows\system32\winlogon.exe[1448] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\windows\system32\winlogon.exe[1448] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\windows\system32\winlogon.exe[1448] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\windows\system32\winlogon.exe[1448] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\windows\system32\winlogon.exe[1448] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\windows\system32\winlogon.exe[1448] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\windows\system32\services.exe[1512] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\system32\services.exe[1512] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\windows\system32\services.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\system32\services.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\windows\system32\services.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\windows\system32\services.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text C:\windows\system32\services.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0198
.text C:\windows\system32\services.exe[1512] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\windows\system32\services.exe[1512] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B006C
.text C:\windows\system32\services.exe[1512] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B00A8
.text C:\windows\system32\services.exe[1512] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C00E4
.text C:\windows\system32\services.exe[1512] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0120
.text C:\windows\system32\services.exe[1512] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C00A8
.text C:\windows\system32\services.exe[1512] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C0030
.text C:\windows\system32\services.exe[1512] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C006C
.text C:\windows\system32\lsass.exe[1540] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\system32\lsass.exe[1540] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\windows\system32\lsass.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\system32\lsass.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B00E4
.text C:\windows\system32\lsass.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0120
.text C:\windows\system32\lsass.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B015C
.text
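Each `.text` line in the GMER output above describes one user-mode inline hook: the process image and its PID, the hooked export as `module!function`, the original address of that export (identical across processes here because Windows XP has no ASLR, so ntdll, advapi32 and user32 load at the same addresses everywhere), the number of bytes GMER saw patched, and the `JMP` target the patch redirects to. A `3 Bytes JMP` line followed by a `+ 4 ... 1 Byte [88]` line is one hook reported in two pieces. What a practitioner wants from a log this long is not the individual lines but the pattern: the same API set hooked in nearly every process is the signature of a single injected component (security products do this as well, so the JMP target has to be attributed to a module before calling it malicious), while a process whose hook set deviates from the rest is the first place to look. The Python below is an added example, not part of the original post or of GMER: it parses a few lines copied from the log above (jqs.exe and lsass.exe) plus two constructed lines for a hypothetical `example.exe` with a `WS2_32.dll!send` hook at a made-up address, groups hooks per process, records the 64 KiB regions the trampolines live in (low addresses nowhere near the 0x77xxxxxx-0x7Exxxxxx system DLLs, so memory allocated inside the process), flags split hooks, and reports processes whose hook set differs from the most common one.

```python
import re
from collections import Counter, defaultdict

# One GMER user-mode hook line:
#   .text <image path>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) <patch>
LINE_RE = re.compile(
    r"^\.text\s+(?P<path>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)(?P<offset>\s\+\s\d+)?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$"
)

# Constructed sample: lines copied from the log above (jqs.exe, lsass.exe) plus
# two hypothetical lines for an "example.exe" that is hooked differently.
SAMPLE_LOG = r"""
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 003901D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Java\jre6\bin\jqs.exe[964] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00390030
.text C:\windows\system32\lsass.exe[1540] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\system32\lsass.exe[1540] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 0009006C
.text C:\windows\system32\lsass.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B01D4
.text C:\windows\system32\lsass.exe[1540] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B0030
.text C:\windows\system32\example.exe[4242] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00090030
.text C:\windows\system32\example.exe[4242] WS2_32.dll!send 71A1428A 5 Bytes JMP 00F20030
"""


def parse_hooks(text):
    """Turn GMER .text lines into dicts; anything that is not a hook line is ignored."""
    hooks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        jmp = re.match(r"JMP ([0-9A-F]{8})", m["patch"])
        hooks.append({
            "process": f'{m["path"]}[{m["pid"]}]',
            "api": f'{m["module"].lower()}!{m["export"]}',
            # "+ 4 ... 1 Byte [88]" is the tail of a hook GMER reported in pieces
            "continuation": m["offset"] is not None,
            "size": int(m["size"]),
            "addr": int(m["addr"], 16),
            "target": int(jmp.group(1), 16) if jmp else None,
        })
    return hooks


def summarize(hooks):
    """Per process: hooked API set, 64 KiB regions the trampolines live in, split hooks."""
    per_proc = defaultdict(lambda: {"apis": set(), "regions": set(), "split": []})
    for h in hooks:
        p = per_proc[h["process"]]
        if h["continuation"]:
            continue
        p["apis"].add(h["api"])
        if h["target"] is not None:
            p["regions"].add(h["target"] & 0xFFFF0000)
        if h["size"] != 5:  # a full 32-bit relative JMP is 5 bytes; anything else was split
            p["split"].append(h["api"])
    return dict(per_proc)


def outliers(summary):
    """Baseline = the most common API set; return processes whose set differs and how."""
    baseline = Counter(frozenset(p["apis"]) for p in summary.values()).most_common(1)[0][0]
    deviants = {}
    for proc, p in summary.items():
        extra, missing = p["apis"] - baseline, baseline - p["apis"]
        if extra or missing:
            deviants[proc] = {"extra": sorted(extra), "missing": sorted(missing)}
    return baseline, deviants


if __name__ == "__main__":
    summary = summarize(parse_hooks(SAMPLE_LOG))
    baseline, deviants = outliers(summary)
    print("baseline hook set:", sorted(baseline))
    for proc, p in summary.items():
        print(proc, "trampoline regions:", [hex(r) for r in sorted(p["regions"])], "split:", p["split"])
    for proc, d in deviants.items():
        print("deviates:", proc, "extra:", d["extra"], "missing:", d["missing"])
```

Run against the full GMER report, the baseline set is what the injecting component hooks everywhere; the regions are what to look up with a module list of the process (for example in a memory dump) to decide whether the trampolines belong to a known product's DLL or to something unnamed.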
lancome51 Posts: 50 Registered: Thursday 3 September 2009 Status: Member Last seen: 19 November 2014
8 April 2011 at 13:30
I think the report I posted is not complete, so I am reposting it, attached here


http://www.cijoint.fr/cjlink.php?file=cj201104/cijacQMPBq.txt
Anonymous user
8 April 2011 at 17:01
Download SEAF.exe by C_XX


*Double-click SF.exe (Run as administrator on Vista/7).

*A window will open.

*Type SJYPKT in this window, confirm the search in the registry and press [Enter].

*Wait while the search runs.

*A window with a log.txt will appear.

*Copy/paste this report in your next reply.
lancome51 Posts: 50 Registered: Thursday 3 September 2009 Status: Member Last seen: 19 November 2014
8 April 2011 at 17:36
========================= SEAF 1.0.1.0 - C_XX

Started at: 17:30:23 on 08/04/2011

Value(s) searched for:
SJYPKT

Legend: TC => Creation date, TM => Modification date, DA => Last access

(!) --- Registry search only

====== Registry entry(ies) ======


[HKLM\System\ControlSet001\Enum\Root\LEGACY_SJYPKT]
DA: 08/04/2011 13:19:18

[HKLM\System\ControlSet001\Services\SjyPkt]
DA: 08/04/2011 13:19:18

[HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SJYPKT]
DA: 08/04/2011 13:19:18

[HKLM\System\CurrentControlSet\Services\SjyPkt]
DA: 08/04/2011 13:19:18

=========================

Finished at: 17:32:49 on 08/04/2011
151744 Items scanned

=========================
E.O.F
Anonymous user
8 April 2011 at 17:46
ok, I expressed myself badly: run a search with "also in the registry" ticked, not "only" (I will have to go over my canned replies..)
========================= SEAF 1.0.1.0 - C_XX

Started at: 18:30:09 on 08/04/2011

Value(s) searched for:
SJYPKT

Legend: TC => Creation date, TM => Modification date, DA => Last access

(!) --- Registry search

====== File(s) ======


"C:\Qoobox\Quarantine\Registry_backups\Legacy_SJYPKT.reg.dat" [ ARCHIVE | 1 KB ]
TC: 07/04/2011,14:13:33 | TM: 07/04/2011,15:33:42 | DA: 07/04/2011,15:33:42


=========================


"C:\Qoobox\Quarantine\Registry_backups\Service_SjyPkt.reg.dat" [ ARCHIVE | 8 KB ]
TC: 07/04/2011,14:13:33 | TM: 07/04/2011,14:13:33 | DA: 07/04/2011,14:13:33


=========================


"C:\WINDOWS\system32\drivers\SjyPkt.sys" [ ARCHIVE | 14 KB ]
TC: 19/11/2009,23:19:29 | TM: 02/10/2002,10:57:12 | DA: 08/04/2011,18:16:34


=========================



====== Registry entry(ies) ======


[HKLM\System\ControlSet001\Enum\Root\LEGACY_SJYPKT]
DA: 08/04/2011 18:23:05

[HKLM\System\ControlSet001\Services\SjyPkt]
DA: 08/04/2011 18:23:19

[HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SJYPKT]
DA: 08/04/2011 18:23:05

[HKLM\System\CurrentControlSet\Services\SjyPkt]
DA: 08/04/2011 18:23:19

=========================

Finished at: 18:34:24 on 08/04/2011
277111 Items scanned

=========================
E.O.F
Download The Avenger by Swandog46 to the Desktop

http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

Click Avenger.zip to open the file
Extract avenger.exe to the desktop

2. Copy all the bold text below: highlight it and press (Ctrl+C):

Drivers to disable:
SjyPkt

Files to delete:
C:\WINDOWS\system32\drivers\SjyPkt.sys

Drivers to delete:
SJYPKT

registry keys to delete:
HKLM\System\ControlSet001\Enum\Root\LEGACY_SJYPKT
HKLM\System\ControlSet001\Services\SjyPkt
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SJYPKT
HKLM\System\CurrentControlSet\Services\SjyPkt


IMPORTANT: The code above was written intentionally for THIS user.
If you are not THIS user, DO NOT apply these instructions: they could damage your system.

Close all applications and your browser

3. Now launch The Avenger by clicking its desktop icon.

Check that the box in front of "Automatically disable any rootkits found" is not ticked.


Click the icon on the right (pink and blue). The text will be copied into the window.

Click Execute

4. The Avenger will automatically do the following:


It will restart the system.
During the restart, a black Windows command window will briefly appear on the desktop; this is NORMAL.
After the restart, it creates a log file that will open, showing the actions carried out by The Avenger. This log file is located here: C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them and moved the zip archive here: C:\avenger\backup.zip.

5. Finally, copy/paste the contents of the file c:\avenger.txt in your reply
Creator of List_Kill'em...Pre_Scan....
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open driver "SjyPkt"
Disablement of driver "SjyPkt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\SjyPkt.sys" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\SJYPKT" not found!
Deletion of driver "SJYPKT" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\System\ControlSet001\Enum\Root\LEGACY_SJYPKT" deleted successfully.

Error: registry key "HKLM\System\ControlSet001\Services\SjyPkt" not found!
Deletion of registry key "HKLM\System\ControlSet001\Services\SjyPkt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SJYPKT" not found!
Deletion of registry key "HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SJYPKT" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\System\CurrentControlSet\Services\SjyPkt" not found!
Deletion of registry key "HKLM\System\CurrentControlSet\Services\SjyPkt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
Anonymous user
8 April 2011 at 23:14
redo the operation with Seaf as above?
========================= SEAF 1.0.1.0 - C_XX

Started at: 23:52:01 on 08/04/2011

Value(s) searched for:
SJYPKT

Legend: TC => Creation date, TM => Modification date, DA => Last access

(!) --- Registry search

====== File(s) ======


"C:\Qoobox\Quarantine\Registry_backups\Legacy_SJYPKT.reg.dat" [ ARCHIVE | 1 KB ]
TC: 07/04/2011,14:13:33 | TM: 07/04/2011,15:33:42 | DA: 07/04/2011,15:33:42


=========================


"C:\Qoobox\Quarantine\Registry_backups\Service_SjyPkt.reg.dat" [ ARCHIVE | 8 KB ]
TC: 07/04/2011,14:13:33 | TM: 07/04/2011,14:13:33 | DA: 07/04/2011,14:13:33


=========================



====== Registry entry(ies) ======


[HKLM\System\ControlSet001\Services\SjyPkt]
DA: 08/04/2011 23:11:15

[HKLM\System\CurrentControlSet\Services\SjyPkt]
DA: 08/04/2011 23:11:15

=========================

Finished at: 23:58:56 on 08/04/2011
278119 Items analysed

=========================
E.O.F
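The two SEAF reports above, one taken before The Avenger ran and one after, are the evidence of what the script actually removed: the driver file and the two `LEGACY_SJYPKT` enumeration keys are gone from the second report, while the two `Services\SjyPkt` keys SEAF still lists are ones Avenger reported as `STATUS_OBJECT_NAME_NOT_FOUND`. (`CurrentControlSet` is a registry symbolic link to the active `ControlSetNNN`, which is why deleting the `ControlSet001` enumeration key made both `LEGACY_SJYPKT` entries disappear even though Avenger said the second one was not found.) Reading that by eye across two 50-line reports is error-prone, so the Python below is an added example, not part of the thread, of SEAF or of ComboFix: it parses SEAF output, strips the line numbers the forum display adds, diffs the file and registry sections of the two reports, and renders the persisting keys in the `Registry::` / `[-key]` form ComboFix accepts in a CFScript. The embedded reports are shortened copies of the two above; the section headings are matched both in SEAF's French wording and in the English used on this page.

```python
import re

HEADING_FILES = re.compile(r"^====== (Fichier|File)")
HEADING_KEYS = re.compile(r"^====== (Entr|Registry)")
FILE_RE = re.compile(r'^"(?P<path>[^"]+)"\s+\[\s*(?P<attrs>[^\]]*)\]')
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
STAMP_RE = re.compile(r"^(?:TC: (?P<tc>[^|]+)\|\s*TM: (?P<tm>[^|]+)\|\s*)?DA: (?P<da>.+)$")

# Constructed samples: shortened copies of the two SEAF reports above, with the
# line numbers the forum prepended left in place to show that they are stripped.
REPORT_BEFORE = r"""
1. ========================= SEAF 1.0.1.0 - C_XX
3. Commencé à: 18:30:09 le 08/04/2011
12. ====== Fichier(s) ======
15. "C:\Qoobox\Quarantine\Registry_backups\Legacy_SJYPKT.reg.dat" [ ARCHIVE | 1 KB ]
16. TC: 07/04/2011,14:13:33 | TM: 07/04/2011,15:33:42 | DA: 07/04/2011,15:33:42
22. "C:\Qoobox\Quarantine\Registry_backups\Service_SjyPkt.reg.dat" [ ARCHIVE | 8 KB ]
23. TC: 07/04/2011,14:13:33 | TM: 07/04/2011,14:13:33 | DA: 07/04/2011,14:13:33
29. "C:\WINDOWS\system32\drivers\SjyPkt.sys" [ ARCHIVE | 14 KB ]
30. TC: 19/11/2009,23:19:29 | TM: 02/10/2002,10:57:12 | DA: 08/04/2011,18:16:34
37. ====== Entrée(s) du registre ======
40. [HKLM\System\ControlSet001\Enum\Root\LEGACY_SJYPKT]
41. DA: 08/04/2011 18:23:05
43. [HKLM\System\ControlSet001\Services\SjyPkt]
44. DA: 08/04/2011 18:23:19
46. [HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SJYPKT]
47. DA: 08/04/2011 18:23:05
49. [HKLM\System\CurrentControlSet\Services\SjyPkt]
50. DA: 08/04/2011 18:23:19
"""

REPORT_AFTER = r"""
1. ========================= SEAF 1.0.1.0 - C_XX
3. Commencé à: 23:52:01 le 08/04/2011
12. ====== File(s) ======
15. "C:\Qoobox\Quarantine\Registry_backups\Legacy_SJYPKT.reg.dat" [ ARCHIVE | 1 KB ]
16. TC: 07/04/2011,14:13:33 | TM: 07/04/2011,15:33:42 | DA: 07/04/2011,15:33:42
22. "C:\Qoobox\Quarantine\Registry_backups\Service_SjyPkt.reg.dat" [ ARCHIVE | 8 KB ]
23. TC: 07/04/2011,14:13:33 | TM: 07/04/2011,14:13:33 | DA: 07/04/2011,14:13:33
30. ====== Registry entry(ies) ======
33. [HKLM\System\ControlSet001\Services\SjyPkt]
34. DA: 08/04/2011 23:11:15
36. [HKLM\System\CurrentControlSet\Services\SjyPkt]
37. DA: 08/04/2011 23:11:15
"""


def parse_seaf(text):
    """Return {'files': {path: {attrs, tc, tm, da}}, 'keys': {key: {da}}}."""
    files, keys = {}, {}
    section = current = None
    for raw in text.splitlines():
        line = re.sub(r"^\d+\.\s?", "", raw.strip())  # drop the forum's "15. " prefix
        if not line:
            continue
        if HEADING_FILES.match(line):
            section = "files"
            continue
        if HEADING_KEYS.match(line):
            section = "keys"
            continue
        if section == "files" and (m := FILE_RE.match(line)):
            current = files.setdefault(m["path"], {"attrs": m["attrs"].strip()})
            continue
        if section == "keys" and (m := KEY_RE.match(line)):
            current = keys.setdefault(m["key"], {})
            continue
        if current is not None and (m := STAMP_RE.match(line)):
            # the TC/TM/DA line always follows the entry it belongs to
            current.update({k: v.strip() for k, v in m.groupdict().items() if v})
            current = None
    return {"files": files, "keys": keys}


def diff_seaf(before, after):
    """For files and keys: what the first report listed that the second no longer does, etc."""
    out = {}
    for kind in ("files", "keys"):
        b, a = set(before[kind]), set(after[kind])
        out[kind] = {"removed": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}
    return out


def combofix_registry_script(keys):
    """Render keys as the Registry:: block a CFScript uses, one [-key] deletion per line."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


if __name__ == "__main__":
    d = diff_seaf(parse_seaf(REPORT_BEFORE), parse_seaf(REPORT_AFTER))
    print("removed files:", d["files"]["removed"])
    print("removed keys:", d["keys"]["removed"])
    print("still present:", d["keys"]["persisting"])
    print(combofix_registry_script(d["keys"]["persisting"]))
```

The "new" lists matter as much as the "removed" ones on a real run: anything that appears only in the second report (a file recreated under the same name, a key that came back after reboot) means the component has a persistence path the script did not reach.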
Anonymous user
9 April 2011 at 00:05

__________________________________________________
=>/!\The following script was written specifically for this computer/!\ <=
=>it is strongly advised not to transpose it to another computer!<=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

Registry::
[-HKLM\System\ControlSet001\Services\SjyPkt]
[-HKLM\System\CurrentControlSet\Services\SjyPkt]

------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file

▶ Wait for the scan to finish. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt


lancome51 Posts: 50 Registered: Thursday 3 September 2009 Status: Member Last seen: 19 November 2014
12 April 2011 at 05:57
Sorry for posting the report so late, but I was away all weekend
Anonymous user
12 April 2011 at 13:21
hi, where is it?
lancome51 Posts: 50 Registered: Thursday 3 September 2009 Status: Member Last seen: 19 November 2014
12 April 2011 at 13:45
ComboFix 11-04-08.01 - Foot 09/04/2011 1:44.4.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.509 [GMT 2:00]
Launched from: c:\documents and settings\Foot\Bureau\laurent.exe
Switches used :: c:\documents and settings\Foot\Bureau\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((( Files created from 2011-03-08 to 2011-04-08 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-08 16:20 . 2011-04-08 16:20 -------- d--h--w- c:\windows\msdownld.tmp
2011-04-08 16:18 . 2011-04-08 16:20 -------- dc-h--w- c:\windows\ie8
2011-04-08 15:29 . 2011-04-08 15:29 -------- d-----w- c:\program files\SEAF
2011-04-07 04:40 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-07 04:39 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-07 04:39 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-07 04:39 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-07 04:39 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-07 04:39 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-07 04:39 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-07 04:39 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-07 04:39 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-07 04:39 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-07 04:39 . 2011-04-07 04:39 -------- d-----w- c:\program files\AVAST Software
2011-04-07 04:39 . 2011-04-07 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-06 11:42 . 2011-04-06 11:42 -------- d-----w- c:\program files\Ad-Remover
2011-04-04 19:17 . 2011-04-04 19:17 -------- d-----w- C:\$AVG
2011-04-04 18:39 . 2011-04-04 18:39 -------- d-----w- c:\documents and settings\Foot\Application Data\AVG10
2011-04-04 18:38 . 2011-04-04 18:38 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-04-04 18:34 . 2011-04-07 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-04-04 18:32 . 2011-04-04 18:32 -------- d-----w- c:\program files\AVG
2011-04-04 18:24 . 2011-04-04 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-04-04 17:53 . 2010-11-23 15:25 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-04-04 17:53 . 2010-11-23 15:21 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-04 17:52 . 2011-04-04 17:52 -------- d-----w- c:\documents and settings\Foot\Application Data\TuneUp Software
2011-04-04 17:52 . 2011-04-04 17:53 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-04-04 17:52 . 2011-04-04 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-04-04 17:35 . 2011-04-04 17:35 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-04 17:03 . 2011-04-04 17:03 -------- d-----w- c:\program files\Enigma Software Group
2011-04-04 16:38 . 2011-04-04 16:38 -------- d-----w- c:\documents and settings\andrea et lorenzo\Local Settings\Application Data\KalityWeb
2011-04-04 02:21 . 2011-04-04 02:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-02 08:44 . 2011-04-02 08:44 -------- d-----w- c:\documents and settings\NetworkService\Bureau
2011-04-01 13:32 . 2011-04-01 13:32 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2011-03-31 19:08 . 2011-03-31 19:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-31 15:59 . 2011-03-31 15:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-23 17:09 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 17:09 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-19 13:04 . 2011-03-23 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-03-18 14:34 . 2011-03-18 14:34 -------- d-----w- c:\program files\Winamax Poker
2011-03-17 17:05 . 2011-03-17 17:06 -------- d-----w- c:\documents and settings\Foot\Local Settings\Application Data\FullTiltPoker.fr
2011-03-17 17:04 . 2011-03-18 20:00 -------- d-----w- c:\program files\Full Tilt Poker.Fr
2011-03-16 22:22 . 2011-03-16 22:22 -------- d-----w- c:\program files\WebAdSystem
2011-03-16 22:22 . 2011-03-16 22:22 -------- d-----w- c:\documents and settings\Foot\Local Settings\Application Data\KalityWeb
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-03-10 20:47 . 2011-03-10 20:55 -------- d-----w- c:\windows\system32\NtmsData
2011-03-10 11:44 . 2011-03-10 11:44 -------- d-----w- c:\program files\iPod
2011-03-10 11:44 . 2011-03-10 11:45 -------- d-----w- c:\program files\iTunes
2011-03-10 11:31 . 2011-03-10 11:31 -------- d-----w- c:\program files\Bonjour
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 15:36 . 2009-11-20 16:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2009-11-20 16:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-09 13:54 . 2004-08-05 05:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 05:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2004-08-05 05:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-05 05:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 05:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC8FCB46-9F27-476E-B26A-93989316D2FB}]
2011-03-13 21:40 90624 ----a-w- c:\program files\WebAdSystem\BrowserExtensions\internetexplorer\WebAdSystemBho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-21 1192336]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-08-21 1966128]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Seagate\Schedule2\schedhlp.exe" [2007-08-20 148760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-27 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-27 137752]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"CTCheck"="c:\program files\ComPlus Applications\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe [2009-11-19 737280]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
"WebAdSystem"=c:\program files\WebAdSystem\WebAdSystem.exe
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [07/04/2011 06:39 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [07/04/2011 06:39 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2011 06:40 19544]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [23/11/2010 17:23 1483072]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [20/10/2009 15:39 194304]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 12:34 10064]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - UBHELPER
*Deregistered* - uphcleanhlp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
.
2011-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-04-08 c:\windows\Tasks\User_Feed_Synchronization-{16DB8730-3D92-4B85-B161-E447154CB8CA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
2011-04-09 c:\windows\Tasks\User_Feed_Synchronization-{23D50707-F413-4485-BDF2-A648EBA7D2B0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: everestpoker.com
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
TCP: {CA495168-0DDD-444B-938F-B1585933031D} = 192.168.1.1
TCP: {CCD85EB5-8D11-4E0B-BBA8-A53BDC4C2DC7} = 194.2.0.20,194.2.0.50
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100811034846
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} - hxxp://www.bobtv.fr/download/v2/cfweb_www.bobtv.fr-download-v2_instmodule.exe
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-09 01:56
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|ÿÿÿÿ¤*€|ù*9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(1444)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6776)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\KMPJLMN.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2011-04-09 02:04:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-04-09 00:04
ComboFix2.txt 2011-04-07 13:45
ComboFix3.txt 2011-04-07 12:24
ComboFix4.txt 2011-04-07 04:34
.
Avant-CF: 26 399 825 920 octets libres
Après-CF: 26 422 190 080 octets libres
.
- - End Of File - - 13BAA1F5B7448D7E03DCDC2DBF737206