Infecté par zlob trojan et plus de connexion

aminedu13 Messages postés 41 Statut Membre -  
aminedu13 Messages postés 41 Statut Membre -
Bonjour,

salut a tous

impossible de me connecter sur internet avec mon ordi de bureau car j'ai choper un virus de merde.

voila ça m'affiche ça:

YOUR SYSTEM WAS INFECTED BY ZLOB TROJAN IT'S VERY DANGEROUS FOR YOUR SYSTEM(CRITICAL DATA CAN BE LOST)

CLICK OK TO DOWNLOAD THE ANTIMALWARE APPLICATION TO CLEAN YOUR HARD DISK.

merci de m'aider.

je sais kil existe un moyen avec hickjathis je croi!!!

A+
Configuration: Windows XP
Firefox 2.0.0.6

8 réponses

  1. aminedu13 Messages postés 41 Statut Membre 7
     
    voici mon log hijackthis.

    merci de m'aider

    Logfile of HijackThis v1.99.1
    Scan saved at 02:32:30, on 03/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\nts.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\mrofinu1535.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    C:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\nts.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AXIS TONS THE MP3] C:\Documents and Settings\All Users\Application Data\Readme Live Axis Tons\Drive Film.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
    O4 - HKCU\..\Run: [ldcqigdulc] c:\documents and settings\sahrane\local settings\application data\ldcqigdulc.exe ldcqigdulc
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [zlgcnybqu] c:\windows\system32\zlgcnybqu.exe zlgcnybqu
    O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

    voici mon rapport smitfraudfix

    SmitFraudFix v2.195

    Rapport fait à 2:33:51,01, 03/04/2008
    Executé à partir de C:\Documents and Settings\SAHRANE\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 update.asdf.cn
    127.0.0.1 msg.asdf.com
    127.0.0.1 update.111222.cn
    127.0.0.1 msg.ppstream.com
    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantivirus.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ED712EF5-2EFF-4E41-8C8C-C1B9B8FCDFC1}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ED712EF5-2EFF-4E41-8C8C-C1B9B8FCDFC1}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{AA6FBFC7-67A2-41D5-A351-A9B36C0C14E4}: DhcpNameServer=82.216.111.123 82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ED712EF5-2EFF-4E41-8C8C-C1B9B8FCDFC1}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.123 82.216.111.124 82.216.111.125 82.216.111.121 82.216.111.122

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    merci de votre comprehension et de votre aide

    AMINE A+
    0
  2. Utilisateur anonyme
     
    C:\WINDOWS\nts.exe VIRUS^^
    0
    1. aminedu13 Messages postés 41 Statut Membre 7
       
      salut,

      merci mais que dois je faire a present.

      kel antivirus et tres efficace pour enlever le virus ZLOB

      amine A+
      0
  3. Utilisateur anonyme
     
    C:\WINDOWS\nts.exe VIRUS^^
    pour info: http://www.sophos.com/security/analyses/viruses-and-spyware/w32rbotagb.html

    C:\WINDOWS\mrofinu1535.exe VIRUS^^

    pour info: http://spywarefiles.prevx.com/RRHCJA44404484/MROFINU1535.EXE.html

    Bon, télécharge Gmer, un anti-rootkit puisssant, fait un scan, et copie/colle le log ici!
    Télécharger ici: http://www.gmer.net

    Ensuite, télécharge AVG 7.5 met le à jour puis fait un scan complet de ton système
    Télécharger ici: http://free.grisoft.com/doc/5390/us/frt/0?prd=aff

    Refait un scan de Hijackthis, et puis coche les lignes suivantes et ensuite clique sur Fixed Checked items

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\nts.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: (no name) - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - (no file)
    O4 - HKLM\..\Run: [Network Translation Service] "C:\WINDOWS\nts.exe" *
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe
    O4 - HKCU\..\Run: [zlgcnybqu] c:\windows\system32\zlgcnybqu.exe zlgcnybqu
    O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe

    Par la suite, désinstalle les programmes nocifs, va dans Panneau de configuration/ Ajout et Suppression de programmes

    Et supprime Yahoo Toolbar et toutes ses composantes
    Snagit Toolbar...

    Recherche aussi s'il n'y aurait pas des programmes qui te semblerais suspects ainsi que s'il y a des composantes de
    -Network Translation Service
    -runner1
    -zlgcnybqu
    -Roam Bash

    Et s'il y en a, supprime les!

    Ensuite, assure toi que ces malwares ne démarre plus avec Windows
    Ouvre le menu démarrer, Exécuter et tape: msconfig
    Va dans l'onglet Démarrage, puis vérifie les noms des programmes s'ils sont toujours la

    Ah tu peux aussi, faire un scan avec Spybot:
    Installe le complet(mise à jour incluse)
    Puis fait un scan, et supprime tout ce qu'il trouve!
    Télécharger ici: https://www.safer-networking.org/download/

    Une fois cela fait, passe un coup de balai à l'aide Ccleaner
    Télécharger ici: https://www.ccleaner.com/

    Refait un scan de Hijackthis puis repost le rapport ici.

    Bonne chance

    Et à l'avenir, utilise un navigateur comme firefox
    Télécharger ici: http://www.firefox.fr/windows.htm

    Ensuite, prévients l'infections avec Spywareblaster
    Télécharger ici: http://www.brightfort.com/spywareblaster.html

    Ne jamais naviguer sur internet tout nu, c'est à dire sans firewall(on EXCLUS le firewall de windows qui est une porte ouverte aux infections et autres attaques!!!)
    Télécharge Zone Alarme
    Télécharger ici: https://www.zonealarm.com/software/free-firewall
    (prendre la version gratuite :) ) (ne pas oublier de désactiver le firewall de windows avant d'utilisé ZA)

    Avec tout sa, bonne chance

    Dsl pour le poste précédent, J'avais accrocher la touche Enter ^^
    Je sais, c'est boulet mais c'est un accident xD
    0
    1. aminedu13 Messages postés 41 Statut Membre 7
       
      Pas de souci et surtout merci de m'aider

      resalut voici le log GMER





      GMER 1.0.14.14205 - http://www.gmer.net
      Rootkit scan 2008-04-03 04:00:47
      Windows 5.1.2600 Service Pack 2


      ---- System - GMER 1.0.14 ----

      SSDT 86D9B1A8 ZwConnectPort
      SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwCreateKey [0xEFF0DA77]
      SSDT sptd.sys ZwEnumerateKey [0xF72B9E2C]
      SSDT sptd.sys ZwEnumerateValueKey [0xF72BA1BA]
      SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwOpenKey [0xEFF0DB2B]
      SSDT sptd.sys ZwQueryKey [0xF72BA292]
      SSDT sptd.sys ZwQueryValueKey [0xF72BA112]
      SSDT sptd.sys ZwSetValueKey [0xF72BA324]
      SSDT \??\C:\WINDOWS\yeTyezzd.sys ZwTerminateProcess [0xEFF0F649]

      ---- Kernel code sections - GMER 1.0.14 ----

      ? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
      PAGE CLASSPNP.SYS!ClassInitialize + F4 F74E34B2 4 Bytes [ 7E, 68, 4F, 86 ]
      PAGE CLASSPNP.SYS!ClassInitialize + FF F74E34BD 4 Bytes [ 28, 14, 4F, 86 ]
      PAGE CLASSPNP.SYS!ClassInitialize + 10A F74E34C8 4 Bytes [ 90, 68, 4F, 86 ]
      PAGE CLASSPNP.SYS!ClassInitialize + 111 F74E34CF 4 Bytes [ 84, 68, 4F, 86 ]
      PAGE CLASSPNP.SYS!ClassInitialize + 118 F74E34D6 4 Bytes [ 8A, 68, 4F, 86 ]
      PAGE ...
      ? C:\WINDOWS\system32\drivers\Dkq40.sys Accès refusé.
      .text USBPORT.SYS!DllUnload F60E962C 5 Bytes JMP 86F96780
      ? System32\Drivers\a13pqzed.SYS Le fichier spécifié est introuvable. !
      .text yeTyezzd.sys EFF0D112 65 Bytes CALL EFF0D117 \??\C:\WINDOWS\yeTyezzd.sys
      .text yeTyezzd.sys EFF0D154 314 Bytes [ B5, 6B, 04, 00, 00, 56, 6A, ... ]
      .text yeTyezzd.sys EFF0D28F 9 Bytes CALL B9022008
      .text yeTyezzd.sys EFF0D299 339 Bytes CALL EFF0D2CA \??\C:\WINDOWS\yeTyezzd.sys
      .text yeTyezzd.sys EFF0D3ED 495 Bytes [ 00, 57, 8B, 4F, 04, 83, E9, ... ]
      .text ...
      .text C:\WINDOWS\yeTyezzd.sys section is writeable [0xEFF0D000, 0x7E58, 0xE8000020]
      ? C:\WINDOWS\yeTyezzd.sys Le fichier spécifié est introuvable.
      ? C:\WINDOWS\TEMP\mc26.tmp Le fichier spécifié est introuvable. !
      .text ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]

      ---- User code sections - GMER 1.0.14 ----

      .text C:\WINDOWS\System32\SCardSvr.exe[272] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\System32\SCardSvr.exe[272] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\System32\SCardSvr.exe[272] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\System32\SCardSvr.exe[272] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\System32\SCardSvr.exe[272] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\System32\SCardSvr.exe[272] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe[360] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\mrofinu1535.exe[404] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\mrofinu1535.exe[404] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\mrofinu1535.exe[404] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\WINDOWS\mrofinu1535.exe[404] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\mrofinu1535.exe[404] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\mrofinu1535.exe[404] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE[420] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\nvsvc32.exe[684] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\nvsvc32.exe[684] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\nvsvc32.exe[684] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\nvsvc32.exe[684] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\nvsvc32.exe[684] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\nvsvc32.exe[684] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\ctfmon.exe[752] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\ctfmon.exe[752] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\ctfmon.exe[752] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\WINDOWS\system32\ctfmon.exe[752] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\ctfmon.exe[752] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\ctfmon.exe[752] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\DAEMON Tools\daemon.exe[772] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\csrss.exe[780] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\csrss.exe[780] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\csrss.exe[780] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\winlogon.exe[804] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\services.exe[848] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\lsass.exe[860] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1028] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1064] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] user32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0E0F5A
      .text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] user32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Spyware Doctor\sdhelp.exe[1252] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\System32\svchost.exe[1276] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\System32\svchost.exe[1276] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\System32\svchost.exe[1276] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\System32\svchost.exe[1276] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      ? C:\WINDOWS\System32\svchost.exe[1336] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll
      .text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\System32\svchost.exe[1336] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1344] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      ? C:\WINDOWS\System32\svchost.exe[1372] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
      .text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\System32\svchost.exe[1372] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1520] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\svchost.exe[1596] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1596] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\svchost.exe[1648] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe[1676] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe[1684] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1732] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[1832] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe[1844] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\spoolsv.exe[1872] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\spoolsv.exe[1872] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\spoolsv.exe[1872] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\spoolsv.exe[1872] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\spoolsv.exe[1872] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe[2008] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[2080] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\system32\svchost.exe[2112] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\system32\svchost.exe[2112] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\WINDOWS\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\system32\svchost.exe[2112] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowLongA 7E39D60D 5 Bytes JMP 445118EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowLongW 7E39D62B 5 Bytes JMP 4451191B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F1A0F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F160F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 445117EF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511770 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 445117B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 445116FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 44511736 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4451182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2268] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!DispatchMessageA 7E3996B8 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F120F5A
      .text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F0E0F5A
      .text C:\Program Files\Spyware Doctor\swdoctor.exe[2372] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe[2408] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2668] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2784] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      ? C:\WINDOWS\System32\svchost.exe[2828] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: gdiplus.dllunknown module: OLEAUT32.dll
      .text C:\WINDOWS\System32\svchost.exe[2828] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\System32\svchost.exe[2828] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\System32\svchost.exe[2828] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\WINDOWS\System32\svchost.exe[2828] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100F5A
      .text C:\WINDOWS\System32\svchost.exe[2828] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\System32\svchost.exe[2828] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\System32\alg.exe[3096] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ]
      .text C:\WINDOWS\System32\alg.exe[3096] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 0E, 5F ]
      .text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
      .text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
      .text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
      .text C:\WINDOWS\System32\alg.exe[3096] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
      .text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F180F5A
      .text C:\WINDOWS\System32\alg.exe[3096] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F140F5A
      .text C:\WINDOWS\System32\alg.exe[3096] GDI32.dll!Escape 77F073BC 6 Bytes JMP 5F100
      0
  4. Utilisateur anonyme
     
    Bon, alors, Gmer t'a afficher des lignes en rouge...si oui ce sont des malwares/rootkits
    Alors tu n'as qu'à les supprimer...mais je ne vois rien d'anormal dans le log...

    Navigue dans les onglets de Gmer et vérifie s'il n'y a pas des processus cachés!!

    Sinon, reposte quand tu auras fini de faire les autres manip^^

    ++
    0
    1. aminedu13 Messages postés 41 Statut Membre 7
       
      resalut

      suis je obliger d'attendre la fin du scan aVG pour tenvoyer le scan hijacthis ensuite.


      merci de me repondre

      parcontre avec gmer je vois rien d'anormal.

      et di moi avec avg je pourai suprimer les virus mon pc ira mieu apres


      A+
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Non tu peux envoyer le log HJT tout de suite^^

    sauf que AVG n'aura p-e pas trouver les virus encores...

    Mais si tu as fait les autres manips( cocher les lignes de HJT par exemple...cela devrait déjà aller mieux!!)

    Étrange que Gmer n,est rien vu...très étrange même!

    Mais bon..envoi le log...et je l'analyse tout de suite et je te répond immédiatement par la suiute!
    0
    1. aminedu13 Messages postés 41 Statut Membre 7
       
      voila jai fai le log hijackthis


      Logfile of HijackThis v1.99.1
      Scan saved at 05:27:37, on 03/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\SCardSvr.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
      C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
      C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\Program Files\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Grisoft\AVG7\avgwb.dat
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O23 - Service: AVG7 Alert Manager Server (avg7alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (avg7updsvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (avgems) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

      merci
      0
  7. aminedu13 Messages postés 41 Statut Membre 7
     
    re

    au faite internet ne fonctionne toujours pas je communique avec toi grace a mon ordi portable et je transmet tou ce ke tu me di a travers une clef usb.

    merci de ton aide en esperant ke sa marche car la je fatigue lol.
    0
  8. Utilisateur anonyme
     
    Ah, j'ai oublié de te mentionner, désinstalle Norton Anti-virus....deux anti-virus ce n'est jamais bon!
    Et si tu veux garder Spyware Doctor...a toi de voir, mais c,est la même chose que les anti-virus!
    Donc Spybot ou Spyware Doctor...perso je conseil Spybot!

    O4 - HKCU\..\Run: [Roam Bash] C:\DOCUME~1\SAHRANE\APPLIC~1\BAGSFL~1\VGAAXIS.exe
    O23 - Service: Network Translation Service (NTS) - Unknown owner - C:\WINDOWS\nts.exe (file missing)

    Coche ces deux là...

    Par la suite, désinstalle les programmes nocifs, va dans Panneau de configuration/ Ajout et Suppression de programmes

    Et supprime Yahoo Toolbar et toutes ses composantes
    Snagit Toolbar...
    (si tu ne l'a pas déjà fait)

    Recherche aussi s'il n'y aurait pas des programmes qui te semblerais suspects ainsi que s'il y a des composantes de
    -Network Translation Service
    -runner1
    -zlgcnybqu
    -Roam Bash

    Et s'il y en a, supprime les!

    Va revoir aussi dans msconfig pour les programmes de démarrage puis Roam Bash est toujours là!
    et regarde par le fait même pour nts.exe

    Sinon tu feras un scan de Spybot, et supprimer tout ce qu'il trouve!

    Mais pour ta connexion internet qui ne marche toujours pas...tu peux essayer de réinstaller les composantes de ton FAI

    Je suppose que AVG n'a pas fini son scan encore???

    Répond moi puis va te coucher lol...moi aussi je commence à fatiguer...je vais attendre ta réponse

    Au pire tu peux continuer sa demain...

    ou...on se parle via msn et l'on en décide...perso j'ai rien contre...à toi de voir!
    0
    1. aminedu13 Messages postés 41 Statut Membre 7
       
      wech

      impossible de faire un scan spybot car il me demande de voir les mise a jour et vu ke jai pas internet sa fonctionne pas.donc jai fai une vaccination.pour le scan avg c toujour en cour.et jarrive pas a mettre zone alarm.


      tu peu m'expliker "réinstaller les composantes de ton FAI"



      merci de m'aider car c la galere.


      mon msn aminedu13@hotmail.com

      c'est bon jai coche roam bash et nts et puis jai fixer.

      AVG c 'est fini est la je fai koi ya ecrit threats found

      102947 ojects scanned
      1 errors

      puis ya un endroit ou on peu cliker display test configuration

      et virus statistic

      threat 3
      healed 0
      moved to virus vault 1
      deleted 0

      SCAN AGAIN CLOSE
      0
  9. Utilisateur anonyme
     
    Tu n'as qu'a envoyer un message privé pour éviter de mettre ton addresse sur le forum!

    (NB: petit rappel, clique sur mon pseudo et message privé^^)
    0