Trojan horse Win32:BHO-IC

Solved
d-jacky (Member)
Hello,
I have a problem on a friend's laptop: Avast reports a trojan horse Win32:BHO-IC[Trj], but the file gln.exe keeps reappearing. I tried installing SDFix.exe and booting into safe mode, but after a few seconds of scanning either the PC shuts down completely or a blue screen appears with PAGE_FAULT_IN_NONPAGED_AREA; the file in question is astq.tga, but it is impossible to delete (I no longer remember the error message). The other tools (AVG Anti Spyware, Spybot, Ad Aware 2007, A-Squared, ComboFix, Avast, ...) have not managed to get rid of this problem.
Does anyone have an idea?

21 replies

Blocked profile
Hi, first uninstall a-squared (it made me format my PC), then get this: HijackThis (click on the first button and post the whole report here)
Later

d-jacky (Member)
OK, I'll post the HijackThis report here in the next few days, because I don't have it at hand anymore.
See you soon, DJ

d-jacky (Member)
Hello,
here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:02:07, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HIRSCHLER Astrid\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{68C2969F-B4FA-4AD0-99A1-8F72A40325C0}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{B437E89A-5009-4CCD-A111-ABCC4D2956FF}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE50E469-D744-470A-8F29-4605627D436E}: NameServer = 165.131.174.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O17 - HKLM\System\CS3\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O20 - Winlogon Notify: iebvss32 - C:\WINDOWS\SYSTEM32\iebvss32.dll
O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Blocked profile
Fix checked this one (look here to learn how to fix checked: http://pageperso.aol.fr/balltrap34/demohijack.htm)

-O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll

d-jacky (Member)
Sorry, nothing shows up with the link you gave :-(

d-jacky (Member)
OK, I understood and fixed the O20 line you pointed out.
For information, AVG Anti-Spyware was detecting Trojan.Delf.awy on the O20 line just above.
What do I do with this O20 line "Winlogon Notify: iebvss32.dll" etc.?

Blocked profile
As soon as AVG and a-squared tell you something, you delete it.

d-jacky (Member)
I put it in quarantine, but the message reappears at every startup.

Blocked profile
Redo a HijackThis scan please.

d-jacky (Member)
Here it is:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:35:35, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\a-squared free\a2free.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Documents and Settings\HIRSCHLER Astrid\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{68C2969F-B4FA-4AD0-99A1-8F72A40325C0}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{B437E89A-5009-4CCD-A111-ABCC4D2956FF}: NameServer = 165.131.174.49
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE50E469-D744-470A-8F29-4605627D436E}: NameServer = 165.131.174.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O17 - HKLM\System\CS3\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O20 - Winlogon Notify: iebvss32 - C:\WINDOWS\SYSTEM32\iebvss32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Plug-and-Play PlugPlayNetlogon (PlugPlayNetlogon) - Unknown owner - C:\WINDOWS\system32\adssite-removet.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
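A triage script for the two HijackThis logs in this thread, added here as an example; it is not code from the thread or from HijackThis. It parses the O17, O20 and O23 lines, flags the indicators that mattered here (Winlogon Notify DLLs outside an XP baseline, a statically configured NameServer, a service with an unknown owner whose name mimics a Windows service) and diffs the first log against the rescan. The baseline allowlists are assumptions; the sample lines are copied from the logs above.

```python
"""HijackThis log triage (added example; not code from the thread or from HijackThis)."""
from __future__ import annotations
from dataclasses import dataclass, field

# Assumption: Winlogon Notify packages present on a clean Windows XP SP2 install.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon"}
# Assumption: service short names that belong to Windows XP itself.
KNOWN_XP_SERVICES = {"dmadmin", "ehSched", "Eventlog", "Fax", "ImapiService", "mnmsrvc",
                     "PlugPlay", "RDSessMgr", "SCardSvr", "SysmonLog", "VSS", "WmiApSrv",
                     "WMPNetworkSvc"}
# Assumption: DNS servers the owner expects; empty means DHCP, so any static value is reviewed.
TRUSTED_DNS: set[str] = set()


@dataclass
class HjtReport:
    notify: list[tuple[str, str]] = field(default_factory=list)              # (package, dll path)
    nameservers: list[tuple[str, str, str]] = field(default_factory=list)    # (control set, GUID, ip)
    services: list[tuple[str, str, str, str]] = field(default_factory=list)  # (display, short, owner, path)
    olines: set[str] = field(default_factory=set)                            # every O-line, for diffing


def parse_hjt(text: str) -> HjtReport:
    """Pull the O17, O20 and O23 entries out of a HijackThis report."""
    rep = HjtReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("O"):
            continue
        rep.olines.add(line)
        if line.startswith("O20 - Winlogon Notify: "):
            name, _, path = line[len("O20 - Winlogon Notify: "):].partition(" - ")
            rep.notify.append((name, path))
        elif line.startswith("O17 - ") and ": NameServer = " in line:
            key, _, ip = line[len("O17 - "):].partition(": NameServer = ")
            parts = key.split("\\")  # HKLM\System\CCS\Services\Tcpip\..\{GUID}
            rep.nameservers.append((parts[2], parts[-1].strip("{}"), ip.strip()))
        elif line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].split(" - ", 2)  # display - owner - path
            if len(parts) != 3:
                continue
            display, owner, path = parts
            short = display[display.rfind("(") + 1:-1] if display.endswith(")") else display
            rep.services.append((display, short, owner, path))
    return rep


def triage(rep: HjtReport) -> list[str]:
    """One finding per entry worth a closer look, in O20 / O17 / O23 order."""
    findings = []
    for name, path in rep.notify:
        if name not in KNOWN_NOTIFY:
            findings.append(f"O20: Winlogon Notify package '{name}' is not in the XP baseline -> {path}")
    by_ip: dict[str, set[str]] = {}
    for cset, guid, ip in rep.nameservers:
        by_ip.setdefault(ip, set()).add(f"{cset}/{guid[:8]}")
    for ip, where in by_ip.items():
        if ip not in TRUSTED_DNS:
            findings.append(f"O17: static DNS server {ip} on {len(where)} adapter entries "
                            f"({', '.join(sorted(where))}); check for DNS hijacking")
    for display, short, owner, path in rep.services:
        if owner != "Unknown owner" or short in KNOWN_XP_SERVICES or "(file missing)" in path:
            continue
        mimic = next((k for k in KNOWN_XP_SERVICES if short.lower().startswith(k.lower())), None)
        why = f"name mimics Windows service '{mimic}'" if mimic else "not a known XP service"
        findings.append(f"O23: service '{short}' ({why}) -> {path}")
    return findings


def diff_reports(before: HjtReport, after: HjtReport) -> tuple[list[str], list[str]]:
    """(lines gone since the first scan, lines new in the rescan)."""
    return sorted(before.olines - after.olines), sorted(after.olines - before.olines)


# Lines copied from the two HijackThis logs posted in the thread (trimmed to the relevant ones).
LOG_FIRST = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O20 - Winlogon Notify: iebvss32 - C:\WINDOWS\SYSTEM32\iebvss32.dll
O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
"""
LOG_RESCAN = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{238AF52D-C4A1-4B9C-9DE3-0859875A76F8}: NameServer = 165.131.174.49
O20 - Winlogon Notify: iebvss32 - C:\WINDOWS\SYSTEM32\iebvss32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Plug-and-Play PlugPlayNetlogon (PlugPlayNetlogon) - Unknown owner - C:\WINDOWS\system32\adssite-removet.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe (file missing)
"""

if __name__ == "__main__":
    first, rescan = parse_hjt(LOG_FIRST), parse_hjt(LOG_RESCAN)
    print(*triage(rescan), sep="\n")
    gone, new = diff_reports(first, rescan)
    print("gone since first scan:", *gone, sep="\n  ")
    print("new since first scan:", *new, sep="\n  ")
```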

Blocked profile
HijackThis shows nothing more ^^ so your problem has been solved (I saw you're in your forties, and you're getting help from a poor 14-year-old kid (me))
Later

d-jacky (Member)
Great, thank you. I'm not convinced that all the problems are solved, but thanks anyway.
Regards,
DJ

d-jacky (Member)
In the meantime I did a Google search on iebvss32.dll and landed on a page that offers the Prevx CSI scanning tool for download. I installed it and ran a scan: it finds the following problems:
Summary:
C:\WINDOWS\system32\iebvss32.dll - [B] >> Trojan.DoS.Win32.Opdos
C:\WINDOWS\system32\drivers\astq.tga - [4] >> Hidden Service: astq
C:\WINDOWS\System32\drivers\ztx86.sys - [112] >> Hidden Data
C:\WINDOWS\system32\ztx86.sys - [4] >> Hidden Service: ztx86
C:\WINDOWS\system32\drivers\alg.exe~ - [B] >> Trojan.SystemPoser
C:\WINDOWS\system32\drivers\svchost.exe~ - [B] >> TROJAN.BHO.AQ
C:\WINDOWS\xpupdate.exe~ - [B] >> Trojan.Vundo
C:\WINDOWS\system32\cygwn32.dll - [B] >> Downloader.Agent.ABSJ
C:\WINDOWS\system32\dllgh8jkd1q1.exe~ - [B] >> Trojan.Downloader
C:\WINDOWS\system32\dllgh8jkd1q5.exe~ - [B] >> Trojan.Downloader
C:\WINDOWS\system32\dllgh8jkd1q7.exe~ - [B] >> Trojan.Downloader
C:\WINDOWS\system32\n2ewma1xxsv2234.exe~ - [B] >> Generic.Malware
C:\WINDOWS\system32\swreg.exe - [B] >> Generic.Malware
C:\WINDOWS\system32\sysdamp.exe - [B] >> Adware Generic2.AAUH
C:\WINDOWS\system32\vedxga1me4t1.exe~ - [B] >> Trojan.VXGAME
C:\WINDOWS\system32\wininet2_.dll - [B] >> Generic.Malware
Note: Some of the above entries may be from previous scans or cleaned infections.

Obviously, it detects but does not clean. You'd have to pay ...
Does anyone have an idea of what to do next?

d-jacky (Member)
up

Blocked profile
up?

d-jacky (Member)
Does anyone have an idea of what I can do with all the lovely things in my message no. 13?

Blocked profile
I have doubts about that program, lightweight and not very well known; here is something that is a good tool: https://www.zebulon.fr/astuces/securite-systeme/202-l-antimalware-cache-de-windows.html

d-jacky (Member)
I ran a scan with Gmer.
Here is the report; what should I do next?

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-27 22:17:10
Windows 5.1.2600 Service Pack 2

.text ...
.text ...

---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xF7B438AC]
SSDT \??\C:\WINDOWS\system32\drivers\astq.tga ZwCreateKey [0xF7618A68]
SSDT \??\C:\WINDOWS\system32\drivers\astq.tga ZwOpenKey [0xF7618B1C]
SSDT \??\C:\WINDOWS\system32\drivers\astq.tga ZwTerminateProcess [0xF761A7E2]

---- Devices - GMER 1.0.14 ----

Device \Driver\aswTdi \Device\AswTcpFilter astq.tga
Device \Driver\aswTdi \Device\ASWTDI astq.tga
Device \Driver\aswTdi \Device\AswUdpFilter astq.tga

AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip astq.tga
AttachedDevice \Driver\Tcpip \Device\RawIp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp astq.tga
AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp astq.tga
AttachedDevice \Driver\Tcpip \Device\Udp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp astq.tga
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Ntfs \Ntfs astq.tga

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

SSDT \SystemRoot\system32\drivers\pctmp.sys (Memory Monitor Driver/PCTools Research Pty Ltd.) ZwAllocateVirtualMemory [0xF75E9EEC]
SSDT \SystemRoot\system32\drivers\pctmp.sys (Memory Monitor Driver/PCTools Research Pty Ltd.) ZwProtectVirtualMemory [0xF75EA27E]
SSDT \SystemRoot\system32\drivers\pctmp.sys (Memory Monitor Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xF75EA98A]

---- Kernel code sections - GMER 1.0.14 ----

.text astq.tga F761810D 118 Bytes CALL F7618112 \??\C:\WINDOWS\system32\drivers\astq.tga
.text astq.tga F7618184 642 Bytes [ 95, 5F, 04, 00, 00, 85, C0, ... ]
.text astq.tga F7618407 7 Bytes [ 66, 25, FF, 0F, 8B, 1C, 24 ]
.text astq.tga F761840F 85 Bytes [ 1B, 01, C3, 03, 5D, F8, 8B, ... ]
.text astq.tga F7618465 14 Bytes [ 04, 00, 00, 8B, 17, 83, C7, ... ]

---- User code sections - GMER 1.0.14 ----

.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\HIRSCHLER Astrid\Bureau\gmer.exe[2260] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\a-squared Free\a2service.exe[440] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\a-squared Free\a2service.exe[440] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2364] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[2004] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1932] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3304] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[676] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3424] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[484] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 00C5C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 00C5C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 00C5C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 00AC5415 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 00C5C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 00C5C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 00C5C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 00C5C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2712] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[3312] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3432] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\PrevxCSI\prevxcsi.exe[3472] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Process Explorer\procexp.exe[3844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Process Explorer\procexp.exe[3844] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3452] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[3344] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\eHome\ehRecvr.exe[564] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\eHome\ehRecvr.exe[564] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[564] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\eHome\ehSched.exe[588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\eHome\ehSched.exe[588] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[2660] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[2660] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\Explorer.EXE[2660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2660] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[2660] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[2660] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[2660] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[2660] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[2980] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[2980] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[2980] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[2980] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[2980] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\alg.exe[2980] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\csrss.exe[1024] KERNEL32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\csrss.exe[1024] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[1024] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\csrss.exe[1024] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[1024] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[1024] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\csrss.exe[1024] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\ctfmon.exe[3444] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3444] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\dllhost.exe[2700] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\dllhost.exe[2700] USER32.dll!SetWindowsHookW 7E3AC1C1 6 Bytes JMP 5F160F5A

---- Kernel code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\drivers\astq.tga section is writeable [0xF7618000, 0x6DEA, 0xE8000020]
? C:\WINDOWS\system32\drivers\astq.tga Le fichier spécifié est introuvable.

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\astq.tga (*** hidden *** ) [SYSTEM] astq <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP100.SYS Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\lsass.exe[1108] kernel32.dll!FreeLibrary 7C80ABDE 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\lsass.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[1108] ole32.dll!CoCreateInstance 774BFAC3 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[1108] ole32.dll!CoCreateInstanceEx 774BFA6B 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[1108] ole32.dll!CoGetClassObject 774D5DB2 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1108] ole32.dll!OleCreate 7753B914 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!PostMessageA 7E39CB85 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!PostMessageW 7E398CCB 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SendMessageA 7E3AF383 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SendMessageCallbackA 7E3EAF01 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SendMessageCallbackW 7E39F306 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SendMessageTimeoutA 7E3AFB2B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SendMessageTimeoutW 7E39ED72 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SendMessageW 7E39B8BA 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SetWindowsHookA 7E3BED31 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\lsass.exe[1108] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 By
0
Blocked profile
 
Just use SmitFraudFix first: choose the second option, then after a while it will ask you "voulez vous nettoyer le registre" (do you want to clean the registry); type o.
0
d-jacky Posts 1330 Status Member 194
 
Good evening,
FYI, I managed to delete 2 hidden files with GMER:
C:\WINDOWS\system32\drivers\astq.tga (*** hidden *** )
C:\WINDOWS\System32\drivers\ztx86.sys - [112] >> Hidden Data
Now the system is stable and I can run the scans. It's on the right track...
0