Infected by Zlob trojan and no more connection
aminedu13
Hello,
hi everyone
I can't connect to the internet with my desktop computer because I caught a shitty virus.
here is what it displays:
YOUR SYSTEM WAS INFECTED BY ZLOB TROJAN IT'S VERY DANGEROUS FOR YOUR SYSTEM(CRITICAL DATA CAN BE LOST)
CLICK OK TO DOWNLOAD THE ANTIMALWARE APPLICATION TO CLEAN YOUR HARD DISK.
thanks for helping me.
I know there is a way with HijackThis, I think!!!
Bye
8 replies
here is my HijackThis log.
thanks for helping me
Logfile of HijackThis v1.99.1
Scan saved at 02:32:30, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\nts.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\mrofinu1535.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\nts.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AXIS TONS THE MP3] C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons\Drive Film.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [ldcqigdulc] c:\documents and settings\sahrane\local settings\application data\ldcqigdulc.exe ldcqigdulc
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [zlgcnybqu] c:\windows\system32\zlgcnybqu.exe zlgcnybqu
O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
here is my SmitFraudFix report
SmitFraudFix v2.195
Rapport fait à 2:33:51,01, 03/04/2008
Executé à partir de C:\Documents and Settings\SAHRANE\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ED712EF5-2EFF-4E41-8C8C-C1B9B8FCDFC1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ED712EF5-2EFF-4E41-8C8C-C1B9B8FCDFC1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AA6FBFC7-67A2-41D5-A351-A9B36C0C14E4}: DhcpNameServer=82.216.111.123 82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122
HKLM\SYSTEM\CS2\Services\Tcpip\..\{ED712EF5-2EFF-4E41-8C8C-C1B9B8FCDFC1}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.123 82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"
»»»»»»»»»»»»»»»»»»»»»»»» Fin
thanks for your understanding and your help
AMINE, bye
C:\WINDOWS\nts.exe VIRUS^^
for info: http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotagb.html
C:\WINDOWS\mrofinu1535.exe VIRUS^^
for info: http://spywarefiles.prevx.com/RRHCJA44404484/MROFINU1535.EXE.html
OK, download Gmer, a powerful anti-rootkit, run a scan, and copy/paste the log here!
Download here: http://www.gmer.net
Next, download AVG 7.5, update it, then run a full scan of your system
Download here: http://free.grisoft.com/doc/5390/us/frt/0?prd=aff
Run a HijackThis scan again, then check the following lines and click on Fixed Checked items
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\nts.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe
O4 - HKCU\..\Run: [zlgcnybqu] c:\windows\system32\zlgcnybqu.exe zlgcnybqu
O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe
After that, uninstall the harmful programs: go to Control Panel / Add or Remove Programs
And remove Yahoo Toolbar and all its components
Snagit Toolbar...
Also look for any programs that seem suspicious to you, as well as any components of
-Network Translation Service
-runner1
-zlgcnybqu
-Roam Bash
And if there are any, remove them!
Then make sure this malware no longer starts with Windows
Open the Start menu, Run, and type: msconfig
Go to the Startup tab, then check whether the program names are still there
Oh, you can also run a scan with Spybot:
Install the full version (update included)
Then run a scan and remove everything it finds!
Download here: https://www.safer-networking.org/download/
Once that is done, do a quick sweep with CCleaner
Download here: https://www.ccleaner.com/
Run a HijackThis scan again, then post the report here.
Good luck
And in the future, use a browser like Firefox
Download here: http://www.firefox.fr/windows.htm
Then prevent infections with SpywareBlaster
Download here: http://www.brightfort.com/spywareblaster.html
Never browse the internet naked, that is, without a firewall (we EXCLUDE the Windows firewall, which is an open door to infections and other attacks!!!)
Download ZoneAlarm
Download here: https://www.zonealarm.com/software/free-firewall
(take the free version :) ) (don't forget to disable the Windows firewall before using ZA)
With all that, good luck
Sorry about the previous post, I hit the Enter key by accident ^^
I know, it's dumb, but it was an accident xD
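The check described in the post above (which startup entries to fix, and whether the same programs still start with Windows) can be scripted over the HijackThis lines. The following is an added example, not part of the original post and not HijackThis's own logic: the function names and the three heuristics (extra program after userinit.exe, executable sitting directly in C:\WINDOWS, toolbar with no file) are assumptions chosen for illustration, and the sample is built from lines quoted in the post.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase

# Assumptions: default Windows XP install path and default Userinit value.
WINDOWS_DIR = normcase(r"C:\WINDOWS")
DEFAULT_USERINIT = normcase(r"C:\WINDOWS\system32\userinit.exe")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)(?=\s|$)', re.IGNORECASE)

# Constructed sample: HijackThis lines copied from the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\nts.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe
O4 - HKCU\..\Run: [zlgcnybqu] c:\windows\system32\zlgcnybqu.exe zlgcnybqu
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe
"""


def image_path(cmd):
    """Return the executable part of a Run command line, without arguments."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None


def in_windows_root(path):
    """True when the file sits directly in C:\\WINDOWS, not in a subfolder."""
    return normcase(dirname(path)) == WINDOWS_DIR


def triage(log):
    """Return (code, subject, reason) tuples for entries worth a closer look."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "F2" and "UserInit=" in body:
            # Userinit is a comma-separated list; anything besides
            # userinit.exe is launched at every logon.
            value = body.split("UserInit=", 1)[1]
            for item in filter(None, (p.strip() for p in value.split(","))):
                if normcase(item) != DEFAULT_USERINIT:
                    findings.append((code, item, "extra program chained to Userinit"))
        elif code == "O3" and body.endswith("(no file)"):
            findings.append((code, body, "toolbar entry points to a missing file"))
        elif code == "O4":
            run = RUN_RE.match(body)
            path = image_path(run.group("cmd")) if run else None
            if path and in_windows_root(path):
                name = run.group("name")
                findings.append((code, path, f"autorun '{name}' runs from the Windows root"))
        elif code == "O23":
            parts = body.rsplit(" - ", 2)  # name, owner, binary path
            if len(parts) == 3 and in_windows_root(parts[2]):
                findings.append((code, parts[2], f"service binary in the Windows root ({parts[1]})"))
    return findings


def persistence_points(findings):
    """Group flagged executables by path to show how many places start each one."""
    grouped = defaultdict(list)
    for code, subject, _reason in findings:
        if code != "O3":  # O3 findings carry no executable path
            grouped[normcase(subject)].append(code)
    return dict(grouped)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for code, subject, reason in results:
        print(f"{code:<4} {subject}  ->  {reason}")
    for path, codes in persistence_points(results).items():
        print(f"{path} is started from: {', '.join(codes)}")
```

On this sample nts.exe shows up under F2, O4 and O23, so clearing only the Run entry in msconfig would leave two other launch points. The zlgcnybqu entry in system32 is not caught by the location heuristic, which is why the list in the post still has to be read by a person.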
No problem, and above all thank you for helping me
Hi again, here is the GMER log
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-03 04:00:47
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT 86D9B1A8 ZwConnectPort
SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwCreateKey [0xEFF0DA77]
SSDT sptd.sys ZwEnumerateKey [0xF72B9E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF72BA1BA]
SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwOpenKey [0xEFF0DB2B]
SSDT sptd.sys ZwQueryKey [0xF72BA292]
SSDT sptd.sys ZwQueryValueKey [0xF72BA112]
SSDT sptd.sys ZwSetValueKey [0xF72BA324]
SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwTerminateProcess [0xEFF0F649]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
PAGE CLASSPNP.SYS!ClassInitialize + F4 F74E34B2 4 Bytes [ 7E, 68, 4F, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF F74E34BD 4 Bytes [ 28, 14, 4F, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A F74E34C8 4 Bytes [ 90, 68, 4F, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 F74E34CF 4 Bytes [ 84, 68, 4F, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 F74E34D6 4 Bytes [ 8A, 68, 4F, 86 ]
PAGE ...
? C:\WINDOWS\system32\drivers\Dkq40.sys Accès refusé.
.text USBPORT.SYS!DllUnload F60E962C 5 Bytes JMP 86F96780
? System32\Drivers\a13pqzed.SYS Le fichier spécifié est introuvable. !
.text yeTyezzd.sys EFF0D112 65 Bytes CALL EFF0D117 \??\C:\WINDOWS\yeTyezzd.sys
.text yeTyezzd.sys EFF0D154 314 Bytes [ B5, 6B, 04, 00, 00, 56, 6A, ... ]
.text yeTyezzd.sys EFF0D28F 9 Bytes CALL B9022008
.text yeTyezzd.sys EFF0D299 339 Bytes CALL EFF0D2CA \??\C:\WINDOWS\yeTyezzd.sys
.text yeTyezzd.sys EFF0D3ED 495 Bytes [ 00, 57, 8B, 4F, 04, 83, E9, ... ]
.text ...
.text C:\WINDOWS\yeTyezzd.sys section is writeable [0xEFF0D000, 0x7E58, 0xE8000020]
? C:\WINDOWS\yeTyezzd.sys Le fichier spécifié est introuvable.
? C:\WINDOWS\TEMP\mc26.tmp Le fichier spécifié est introuvable. !
.text ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\System32\SCardSvr.exe[272] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\SCardSvr.exe[272] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\mrofinu1535.exe[404] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\mrofinu1535.exe[404] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\mrofinu1535.exe[404] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\mrofinu1535.exe[404] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\mrofinu1535.exe[404] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[684] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[752] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\system32\ctfmon.exe[752] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAEMON Tools\daemon.exe[772] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\DAEMON Tools\daemon.exe[772] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[780] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[780] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\csrss.exe[780] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[804] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\services.exe[848] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\lsass.exe[860] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1064] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] user32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] user32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[1276] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
? C:\WINDOWS\System32\svchost.exe[1336] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1336] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1344] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
? C:\WINDOWS\System32\svchost.exe[1372] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1372] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1520] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1596] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[2112] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowLongA 7E39D60D 5 Bytes JMP 445118EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowLongW 7E39D62B 5 Bytes JMP 4451191B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 445117EF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511770 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 445117B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 445116FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 44511736 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4451182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F120F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
? C:\WINDOWS\System32\svchost.exe[2828] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[2828] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[2828] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\System32\svchost.exe[2828] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[2828] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\svchost.exe[2828] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\alg.exe[3096] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[3096] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\alg.exe[3096] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100
Hi again, here is the GMER log
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-03 04:00:47
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT 86D9B1A8 ZwConnectPort
SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwCreateKey [0xEFF0DA77]
SSDT sptd.sys ZwEnumerateKey [0xF72B9E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF72BA1BA]
SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwOpenKey [0xEFF0DB2B]
SSDT sptd.sys ZwQueryKey [0xF72BA292]
SSDT sptd.sys ZwQueryValueKey [0xF72BA112]
SSDT sptd.sys ZwSetValueKey [0xF72BA324]
SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwTerminateProcess [0xEFF0F649]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
PAGE CLASSPNP.SYS!ClassInitialize + F4 F74E34B2 4 Bytes [ 7E, 68, 4F, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF F74E34BD 4 Bytes [ 28, 14, 4F, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A F74E34C8 4 Bytes [ 90, 68, 4F, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 F74E34CF 4 Bytes [ 84, 68, 4F, 86 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 F74E34D6 4 Bytes [ 8A, 68, 4F, 86 ]
PAGE ...
? C:\WINDOWS\system32\drivers\Dkq40.sys Accès refusé.
.text USBPORT.SYS!DllUnload F60E962C 5 Bytes JMP 86F96780
? System32\Drivers\a13pqzed.SYS Le fichier spécifié est introuvable. !
.text yeTyezzd.sys EFF0D112 65 Bytes CALL EFF0D117 \??\C:\WINDOWS\yeTyezzd.sys
.text yeTyezzd.sys EFF0D154 314 Bytes [ B5, 6B, 04, 00, 00, 56, 6A, ... ]
.text yeTyezzd.sys EFF0D28F 9 Bytes CALL B9022008
.text yeTyezzd.sys EFF0D299 339 Bytes CALL EFF0D2CA \??\C:\WINDOWS\yeTyezzd.sys
.text yeTyezzd.sys EFF0D3ED 495 Bytes [ 00, 57, 8B, 4F, 04, 83, E9, ... ]
.text ...
.text C:\WINDOWS\yeTyezzd.sys section is writeable [0xEFF0D000, 0x7E58, 0xE8000020]
? C:\WINDOWS\yeTyezzd.sys Le fichier spécifié est introuvable.
? C:\WINDOWS\TEMP\mc26.tmp Le fichier spécifié est introuvable. !
.text ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\System32\SCardSvr.exe[272] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\SCardSvr.exe[272] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\SCardSvr.exe[272] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\mrofinu1535.exe[404] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\mrofinu1535.exe[404] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\mrofinu1535.exe[404] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\mrofinu1535.exe[404] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\mrofinu1535.exe[404] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\nvsvc32.exe[684] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\nvsvc32.exe[684] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[752] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\system32\ctfmon.exe[752] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\ctfmon.exe[752] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DAEMON Tools\daemon.exe[772] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\DAEMON Tools\daemon.exe[772] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\DAEMON Tools\daemon.exe[772] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[780] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[780] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\csrss.exe[780] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[804] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\services.exe[848] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\lsass.exe[860] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1064] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] user32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] user32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[1276] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
? C:\WINDOWS\System32\svchost.exe[1336] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1336] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1344] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
? C:\WINDOWS\System32\svchost.exe[1372] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1372] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1520] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1596] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\spoolsv.exe[1872] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[2112] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowLongA 7E39D60D 5 Bytes JMP 445118EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowLongW 7E39D62B 5 Bytes JMP 4451191B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 445117EF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511770 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 445117B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 445116FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 44511736 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4451182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F120F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
? C:\WINDOWS\System32\svchost.exe[2828] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
.text C:\WINDOWS\System32\svchost.exe[2828] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[2828] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\System32\svchost.exe[2828] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[2828] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\svchost.exe[2828] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\alg.exe[3096] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[3096] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\alg.exe[3096] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100
OK, so, did Gmer show you any lines in red... if so, those are malware/rootkits.
Then you just have to delete them... but I don't see anything abnormal in the log...
Browse through Gmer's tabs and check whether there are any hidden processes!!
Otherwise, post again when you have finished the other steps ^^
See you
No, you can send the HJT log right away ^^
except that AVG may not have found the viruses yet...
But if you have done the other steps (checking the HJT lines, for example), things should already be better!!
Strange that Gmer didn't see anything... very strange, even!
Anyway, send the log... and I'll analyze it right away and reply to you immediately afterwards!
Here, I've made the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 05:27:37, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: AVG7 Alert Manager Server (avg7alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (avg7updsvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (avgems) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Thanks
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: AVG7 Alert Manager Server (avg7alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (avg7updsvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (avgems) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
thanks
Hi again,
By the way, the internet still isn't working; I'm communicating with you from my laptop, and I carry everything you tell me across on a USB key.
Thanks for your help, and I hope it works, because I'm getting tired lol.
Oh, I forgot to mention: uninstall Norton AntiVirus... two antivirus programs is never a good idea!
And if you want to keep Spyware Doctor... it's up to you, but it's the same thing as with antivirus programs!
So Spybot or Spyware Doctor... personally I recommend Spybot!
O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
Check those two...
After that, uninstall the harmful programs: go to Control Panel / Add or Remove Programs
And remove Yahoo Toolbar and all of its components
Snagit Toolbar...
(if you haven't already done so)
Also look for any programs that seem suspicious to you, as well as any components of
-Network Translation Service
-runner1
-zlgcnybqu
-Roam Bash
And if there are any, remove them!
Also go back into msconfig and check the startup programs, since Roam Bash is still there!
and while you're at it, look for nts.exe
Otherwise, run a Spybot scan and remove everything it finds!
But as for your internet connection that still isn't working... you can try reinstalling your ISP's components
I suppose AVG hasn't finished its scan yet???
Answer me and then go to bed lol... I'm starting to get tired too... I'll wait for your reply
At worst you can continue this tomorrow...
or... we talk over MSN and decide from there... personally I have nothing against it... up to you!
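The reply above picks two entries out of the HijackThis log without saying what sets them apart. As an added example (not part of the original thread), this Python code parses O4 and O23 lines and flags entries for review; the two heuristics and the function name `triage` are assumptions of this example, and the sample lines are copied from the log on this page.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
LOG_LINES = r"""
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O4 = autostart entry: registry hive, key, value name, command line.
O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 = Windows service: display name, file owner, binary path, optional marker.
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
# Per-user Application Data folder on XP, as 8.3 short name or long name.
APPDATA = re.compile(r"\\(APPLIC~\d|Application Data)\\", re.IGNORECASE)


def triage(log_text):
    """Return (entry name, reason) pairs worth a manual look.

    Heuristics (assumptions of this example, hints rather than verdicts):
    - an autorun whose executable lives under a user's Application Data folder;
    - a service with no identifiable owner AND a missing binary. Either sign
      alone is common for legitimate software, so both are required.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4.match(line)
        if m and APPDATA.search(m["cmd"]):
            findings.append((m["name"], "autorun launches from a user Application Data folder"))
            continue
        m = O23.match(line)
        if m and m["owner"] == "Unknown owner" and m["missing"]:
            findings.append((m["name"], "service with unknown owner and missing binary"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(LOG_LINES):
        print(f"review: {name}: {reason}")
```

On the sample lines this flags only the Roam Bash autorun and the NTS service; the Epson service, which also has an unknown owner but an existing binary under Program Files, is left alone.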
Hey,
I can't run a Spybot scan because it asks me to check for updates, and since I have no internet that doesn't work. So I ran an immunization. The AVG scan is still in progress. And I can't manage to install ZoneAlarm.
Can you explain "reinstall your ISP's components" to me?
Thanks for helping me, because this is a real pain.
My MSN: aminedu13@hotmail.com
OK, I checked Roam Bash and NTS and then clicked fix.
AVG is finished, so what do I do now? It says threats found
102947 objects scanned
1 errors
then there's a spot where you can click display test configuration
and virus statistic
threat 3
healed 0
moved to virus vault 1
deleted 0
SCAN AGAIN CLOSE