Need help with a rootkit

Solved
Ketmie
Hello,

AVG Anti-Rootkit found a hidden driver file ... system32\aj5mk0md.sys
This file stays invisible in Explorer even with hidden files set to display. I find that rather worrying.
I ran navilog1. Given the attached report, should I run the disinfection?
What about the possible Vundo infection the report mentions?

Thanks in advance for your help

Search Navipromo version 3.5.3 commencé le 12/04/2008 à 14:22:02,26

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "internet"

Mise à jour le 09.04.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\internet\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\internet\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\internet\menudm~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\internet\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\internet\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\hjkkj.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\kjkkj.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\nnnmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 12/04/2008 à 14:25:19,96 ***
21 replies

FillPCA
 
Hi,

By definition, a rootkit always stays invisible to Task Manager, Explorer or regedit.

1/ * Download DiagHelp.zip to your desktop (thanks Malekal): http://www.malekal.com/download/DiagHelp.zip
Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
* Do not double-click it!! Right-click the file and choose Extract all.
* A new folder will be created.
* Open it and double-click go.cmd (the .cmd extension may not be shown)
* A window will open; choose option 1
* The scan will start; it can take a few minutes. Let it run and press a key when asked.
* During the scan, after the CATCHME report on the red screen, you must press Enter so that the tool continues its searches. Follow the on-screen instructions.
* A window with the report then opens. Copy/paste its contents. (It is also found here: c:\resultat.txt)
* Double-click that file, press CTRL+A then CTRL+C.
* In your next reply, paste the report with CTRL+V.

2/ # Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
# Unzip all of its contents to your desktop (right-click > Extract here).
# Open the SReng2 folder and double-click SREngPS.exe.
# Click "smart scan".
# Click the "scan" button.
# When the scan is finished, click the "save reports" button.
# Save the report to your desktop.
# Copy/paste the contents of the SREnglLOG.log report into your next reply.

FillPCA

Ketmie

Hi!
Thanks for your help

DiagHelp version v1.4 - http://www.malekal.com
excute le 12/04/2008 à 17:18:17,18


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->12/04/2008 17:17:37
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->12/04/2008 17:17:31
C:\WINDOWS\prefetch\IZARC.EXE-09F422F3.pf -->12/04/2008 17:15:10
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->12/04/2008 17:14:47
C:\WINDOWS\prefetch\FXSVR2.EXE-34D06B28.pf -->12/04/2008 17:14:26
C:\WINDOWS\prefetch\ALBUMDB2.EXE-1F918EF2.pf -->12/04/2008 17:14:26
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->12/04/2008 17:13:49
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->12/04/2008 17:09:34
C:\WINDOWS\prefetch\WINWORD.EXE-33AEA629.pf -->12/04/2008 17:04:48
C:\WINDOWS\prefetch\E_S10MT2.EXE-0E680929.pf -->12/04/2008 17:02:33

C:\WINDOWS\System32\drivers\fwdrv.err -->12/04/2008 13:53:45
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->29/03/2008 19:35:49
C:\WINDOWS\System32\drivers\aswmon2.sys -->29/03/2008 19:35:21
C:\WINDOWS\System32\drivers\aswSP.sys -->29/03/2008 19:31:34
C:\WINDOWS\System32\drivers\aswRdr.sys -->29/03/2008 19:29:08
C:\WINDOWS\System32\drivers\aswTdi.sys -->29/03/2008 19:27:33
C:\WINDOWS\System32\drivers\aavmker4.sys -->29/03/2008 19:26:52

C:\WINDOWS\System32\wpa.dbl -->12/04/2008 14:50:55
C:\WINDOWS\System32\nvapps.xml -->12/04/2008 14:50:30
C:\WINDOWS\System32\PerfStringBackup.INI -->11/04/2008 21:46:20
C:\WINDOWS\System32\perfh00C.dat -->11/04/2008 21:46:20
C:\WINDOWS\System32\perfh009.dat -->11/04/2008 21:46:20
C:\WINDOWS\System32\perfc00C.dat -->11/04/2008 21:46:20
C:\WINDOWS\System32\perfc009.dat -->11/04/2008 21:46:20
C:\WINDOWS\System32\FNTCACHE.DAT -->09/04/2008 11:43:09
C:\WINDOWS\System32\MRT.exe -->06/04/2008 07:56:20
C:\WINDOWS\System32\CONFIG.NT -->05/04/2008 09:47:49
C:\WINDOWS\System32\aswBoot.exe -->29/03/2008 19:45:49
C:\WINDOWS\System32\AVASTSS.scr -->29/03/2008 19:23:22
C:\WINDOWS\System32\SIntfNT.dll -->29/03/2008 11:16:23
C:\WINDOWS\System32\SIntf32.dll -->29/03/2008 11:16:23
C:\WINDOWS\System32\SIntf16.dll -->29/03/2008 11:16:23
C:\WINDOWS\System32\hjkkj.ini -->26/03/2008 13:14:17
C:\WINDOWS\System32\bmvbppkp.ini -->26/03/2008 13:13:49
C:\WINDOWS\System32\hjkkj.ini2 -->26/03/2008 13:12:00
C:\WINDOWS\System32\gdmyhpxt.ini -->25/03/2008 16:20:41
C:\WINDOWS\System32\clwmuijp.ini -->25/03/2008 14:59:58
C:\WINDOWS\System32\ttrindja.ini -->24/03/2008 16:19:21
C:\WINDOWS\System32\iwipvnug.ini -->23/03/2008 11:36:45
C:\WINDOWS\System32\skityxji.ini -->21/03/2008 18:17:22
C:\WINDOWS\System32\nwvmqkyc.ini -->21/03/2008 12:36:09
C:\WINDOWS\System32\win32k.sys -->20/03/2008 10:09:22

C:\WINDOWS\WindowsUpdate.log -->12/04/2008 17:18:15
C:\WINDOWS\setupapi.log -->12/04/2008 17:18:08
C:\WINDOWS\0.log -->12/04/2008 14:50:53
C:\WINDOWS\wiadebug.log -->12/04/2008 14:50:50
C:\WINDOWS\wiaservc.log -->12/04/2008 14:50:49
C:\WINDOWS\bootstat.dat -->12/04/2008 14:50:16
C:\WINDOWS\pfirewall.log -->12/04/2008 14:49:16
C:\WINDOWS\SchedLgU.Txt -->12/04/2008 14:49:10
C:\WINDOWS\win.ini -->12/04/2008 14:48:56
C:\WINDOWS\system.ini -->12/04/2008 14:48:56
C:\WINDOWS\QTFont.qfn -->10/04/2008 09:33:44
C:\WINDOWS\QTFont.for -->10/04/2008 09:33:44
C:\WINDOWS\NeroDigital.ini -->07/04/2008 14:13:04
C:\WINDOWS\Papier-peint-PhotoFiltre.bmp -->03/04/2008 16:38:58
C:\WINDOWS\tlc-fra.INI -->30/03/2008 12:52:23

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 188
Command line: explorer.exe

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x02310000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x024b0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x03400000 0x8000 8.04.0007.1034 D:\Program Files\Logitech\Video\AlbuDBps.dll
0x03410000 0x9b000 d:\PROGRA~1\IZArc\IZArcCM.dll
0x00d10000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 784
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01210000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2425-E6DB

Répertoire de C:\WINDOWS\system

16/06/1995 03:03 4 160 QTNOTIFY.EXE
1 fichier(s) 4 160 octets
0 Rép(s) 17 793 650 688 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2425-E6DB

Répertoire de C:\WINDOWS\system32

05/08/2004 14:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 17 793 650 688 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2425-E6DB

Répertoire de C:\WINDOWS\Downloaded Program Files

14/03/2008 19:22 <REP> .
14/03/2008 19:22 <REP> ..
09/05/2007 14:28 65 desktop.ini
30/06/2006 13:00 29 616 dwusplay.dll
30/06/2006 13:00 201 648 dwusplay.exe
13/04/2007 02:14 382 344 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
11/09/2006 05:40 484 272 isusweb.dll
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
26/03/2007 16:46 5 085 swflash.inf
26/05/2005 04:19 291 wuweb.inf
9 fichier(s) 1 408 181 octets

Total des fichiers listés :
9 fichier(s) 1 408 181 octets
2 Rép(s) 17 793 650 688 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\Win32\\RpcDataSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\RpcSandraSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="D:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Disabled:Sunbelt Kerio Firewall GUI"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\Sony\\Media Manager for PSP 2.5\\MediaManager.exe"="C:\\Program Files\\Sony\\Media Manager for PSP 2.5\\MediaManager.exe:*:Disabled:Media Manager for PSP 2.5"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Disabled:SightSpeed"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 17:20:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:6a,d7,47,4c,e9,aa,63,2c,d2,1e,b2,f8,f6,d3,5e,8b,46,e8,aa,b0,20,..
"p0"="d:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:f5,5f,ed,fe,a5,eb,a2,2b,b9,3a,73,0e,13,ba,02,3b,9c,19,e5,b1,b5,..
"p0"="d:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,55,47,b6,e2,e0,36,ca,1d,87,69,80,33,3a,09,20,6b,..
"khjeh"=hex:97,66,57,17,f9,bc,99,9e,88,54,db,37,58,93,46,c9,b9,06,bb,3a,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3d,85,29,78,4b,ef,14,24,8f,93,f5,cc,50,e9,8f,49,42,22,c7,65,fe,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:6a,d7,47,4c,e9,aa,63,2c,d2,1e,b2,f8,f6,d3,5e,8b,46,e8,aa,b0,20,..
"p0"="d:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000001
"khjeh"=hex:f5,5f,ed,fe,a5,eb,a2,2b,b9,3a,73,0e,13,ba,02,3b,9c,19,e5,b1,b5,..
"p0"="d:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,95,55,47,b6,e2,e0,36,ca,1d,87,69,80,33,3a,09,20,6b,..
"khjeh"=hex:97,66,57,17,f9,bc,99,9e,88,54,db,37,58,93,46,c9,b9,06,bb,3a,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3d,85,29,78,4b,ef,14,24,8f,93,f5,cc,50,e9,8f,49,42,22,c7,65,fe,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
188 - explorer.exe
456 - ashDisp.exe
660 - kpf4ss.exe
736 - MDM.EXE
760 - csrss.exe
764 - nvsvc32.exe
784 - winlogon.exe
828 - services.exe
840 - lsass.exe
1044 - svchost.exe
1112 - svchost.exe
1200 - svchost.exe
1240 - svchost.exe
1428 - svchost.exe
1504 - kpf4gui.exe
1556 - ashWebSv.exe
1640 - ashServ.exe
1924 - ashMaiSv.exe
1956 - spoolsv.exe
2076 - alg.exe
2216 - LVCOMSX.EXE
2604 - wuauclt.exe
2880 - cmd.exe
3216 - kpf4gui.exe
3308 - SpybotSD.exe

Total number of processes = 26
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806FD000 - \WINDOWS\system32\hal.dll
F8A36000 - \WINDOWS\system32\KDCOM.DLL
F8946000 - \WINDOWS\system32\BOOTVID.dll
F8418000 - spkx.sys
F8A38000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F8400000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F83D1000 - ACPI.sys
F83C0000 - pci.sys
F8536000 - isapnp.sys
F8A3A000 - avgarkt.sys
F8AFE000 - PCIIde.sys
F87B6000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS
F8A3C000 - intelide.sys
F8546000 - MountMgr.sys
F83A1000 - ftdisk.sys
F87BE000 - PartMgr.sys
F8556000 - VolSnap.sys
F8389000 - atapi.sys
F8566000 - disk.sys
F8576000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F8369000 - fltMgr.sys
F8357000 - sr.sys
F8341000 - drvmcdb.sys
F8586000 - PxHelp20.sys
F832A000 - KSecDD.sys
F8317000 - WudfPf.sys
F828A000 - Ntfs.sys
F825D000 - NDIS.sys
F8242000 - Mup.sys
F8596000 - agp440.sys
F8776000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F7770000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F775C000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F885E000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F7739000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F8866000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F8786000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F886E000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F76FC000 - \SystemRoot\system32\DRIVERS\serial.sys
F8A32000 - \SystemRoot\system32\DRIVERS\serenum.sys
F8876000 - \SystemRoot\system32\DRIVERS\fdc.sys
F76E8000 - \SystemRoot\system32\DRIVERS\parport.sys
F8796000 - \SystemRoot\system32\DRIVERS\imapi.sys
F87A6000 - \SystemRoot\System32\Drivers\cdrbsdrv.SYS
F821E000 - \SystemRoot\system32\drivers\pfc.sys
F85C6000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F85D6000 - \SystemRoot\system32\DRIVERS\redbook.sys
F76C5000 - \SystemRoot\system32\DRIVERS\ks.sys
F887E000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F7637000 - \SystemRoot\system32\drivers\smwdm.sys
F7613000 - \SystemRoot\system32\drivers\portcls.sys
F85F6000 - \SystemRoot\system32\drivers\drmk.sys
F75FB000 - \SystemRoot\system32\drivers\aeaudio.sys
F7594000 - \SystemRoot\System32\Drivers\atltpfs9.SYS
F8BC5000 - \SystemRoot\system32\DRIVERS\audstub.sys
F8686000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F89DA000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F757D000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F8696000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F86A6000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F88EE000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F756C000 - \SystemRoot\system32\DRIVERS\psched.sys
F86B6000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F88F6000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F88FE000 - \SystemRoot\system32\DRIVERS\raspti.sys
F86C6000 - \SystemRoot\System32\Drivers\pcouffin.sys
F86D6000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8906000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F8A94000 - \SystemRoot\system32\DRIVERS\swenum.sys
F7473000 - \SystemRoot\system32\DRIVERS\update.sys
F89E2000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F86E6000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8706000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F8A9A000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F8926000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F8AAA000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8B26000 - \SystemRoot\System32\Drivers\Null.SYS
F8AAC000 - \SystemRoot\System32\Drivers\Beep.SYS
F8B43000 - \SystemRoot\System32\DRIVERS\AvgArCln.sys
F8936000 - \SystemRoot\System32\drivers\vga.sys
F8AAE000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8AB0000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F62BA000 - \SystemRoot\system32\drivers\fwdrv.sys
F893E000 - \SystemRoot\System32\Drivers\Msfs.SYS
F87CE000 - \SystemRoot\System32\Drivers\Npfs.SYS
F820A000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F62A7000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F624F000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F8726000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F622E000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F6206000 - \SystemRoot\system32\DRIVERS\netbt.sys
F8736000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F61E4000 - \SystemRoot\System32\drivers\afd.sys
F8746000 - \SystemRoot\system32\DRIVERS\netbios.sys
F61B9000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F614A000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F6139000 - \SystemRoot\system32\drivers\khips.sys
F8756000 - \SystemRoot\System32\Drivers\Fips.SYS
F6123000 - \SystemRoot\System32\Drivers\aswSP.SYS
F87F6000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F87FE000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F85E6000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F8806000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F7AD4000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F8606000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F880E000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F8616000 - \SystemRoot\system32\drivers\lvusbsta.sys
F5F19000 - \SystemRoot\system32\DRIVERS\LVCM.sys
F5CFE000 - \SystemRoot\system32\DRIVERS\lvsvf2.sys
F8626000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
F8636000 - \SystemRoot\system32\drivers\usbaudio.sys
F89D2000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F5CE6000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8AB6000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7463000 - \SystemRoot\System32\drivers\Dxapi.sys
F8816000 - \SystemRoot\System32\watchdog.sys
BF000000 - \SystemRoot\System32\drivers\dxg.sys
F8C6C000 - \SystemRoot\System32\drivers\dxgthk.sys
BF012000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F884E000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
F5653000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F5031000 - \SystemRoot\System32\Drivers\aswMon2.SYS
F49C4000 - \SystemRoot\system32\drivers\wdmaud.sys
F4B59000 - \SystemRoot\system32\drivers\sysaudio.sys
F4783000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F8A92000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F4641000 - \SystemRoot\system32\DRIVERS\srv.sys
F60BB000 - \SystemRoot\system32\DRIVERS\secdrv.sys
F43D0000 - \SystemRoot\System32\Drivers\HTTP.sys
F438C000 - \SystemRoot\System32\Drivers\aswRdr.SYS
F2EB7000 - \SystemRoot\system32\DRIVERS\yukonx86.sys
F8C3C000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 135

Liste des programmes installes

802.11 USB Wireless LAN Adapter
a-squared Free 3.1
a-squared HiJackFree 3.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2 - Français
Adobe Shockwave Player
Alexandra Ledermann 5
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
AVG Anti-Rootkit Free
Cars
CCleaner (remove only)
CodeStuff Starter
ConvertXtoDVD 2.99.9.600b
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB914440)
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Creative DVD Audio Plugin for Audigy Series
DirectXInstallService
Disney Dingo Extrême Skateboarding
DivX
DVD Shrink 3.2
DVD Solution
EPSON Logiciel imprimante
Futuroscope Experience
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InterVideo WinDVD 5
iTunes
IZArc 3.81
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Language pack for Ad-Aware SE
Lecteur Windows Media 11
Logiciel QuickCam de Logitech
Magic Video Converter Trial Version (English) 8.0.4.18
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 French Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB903235)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows XP (KB941693)
Mise à jour de sécurité pour Windows XP (KB943055)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour de sécurité pour Windows XP (KB945553)
Mise à jour de sécurité pour Windows XP (KB946026)
Mise à jour de sécurité pour Windows XP (KB948590)
Mise à jour de sécurité pour Windows XP (KB948881)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB925720)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
Mission Vétérinaire
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
Mozilla Firefox (2.0.0.9)
Mozilla Thunderbird (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Launcher
Navilog1 3.5.3
Nero OEM
Norton™ Security Scan
NVIDIA Drivers
Opera 9.25
PC Inspector File Recovery
PhotoFiltre
Picasa 2
PowerDVD
PowerProducer
Programme de gestion Camera de Logitech®
PSP Max Media Manager
QuickTime
QuickTime 3.0
rayman2
RealPlayer
Scribus 1.3.3.8
Search Settings
SiSoftware Sandra Lite XII
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
Sonic Riders
Sony Media Manager for PSP 2.5
SoundMAX
Spybot - Search & Destroy
Sunbelt Kerio Personal Firewall
VCRedistSetup
WebFldrs XP
Windows Communication Foundation
Windows Communication Foundation Language Pack - FRA
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FRA)
Windows Workflow Foundation
Windows Workflow Foundation FR Language Pack
WinHex
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2425-E6DB

Répertoire de C:\Program Files

12/04/2008 14:18 <REP> .
12/04/2008 14:18 <REP> ..
15/02/2008 10:31 <REP> Adobe
23/03/2008 14:22 <REP> Ahead
10/05/2007 10:39 <REP> Analog Devices
19/08/2007 15:13 <REP> Apple Software Update
22/09/2007 15:39 <REP> AskPBar
10/03/2008 15:42 <REP> AviSynth 2.5
29/02/2008 16:51 <REP> BoontyGames
13/11/2007 20:02 <REP> Codemasters
09/05/2007 14:25 <REP> ComPlus Applications
10/03/2008 15:49 <REP> Conduit
19/03/2008 12:57 <REP> Creative
23/03/2008 14:18 <REP> CyberLink
18/03/2008 18:48 <REP> DivX
22/05/2007 09:35 <REP> EPSON
29/03/2008 18:54 <REP> Fichiers communs
10/03/2008 15:49 <REP> free-downloads.net
02/04/2008 10:05 <REP> Futuroscope Experience ADF
23/02/2008 14:06 <REP> Gamenext
12/01/2008 16:00 <REP> GamesBar
29/03/2008 19:17 <REP> Google
17/03/2008 00:18 <REP> InterActual
09/04/2008 11:30 <REP> Internet Explorer
19/03/2008 12:57 <REP> InterVideo
19/08/2007 15:16 <REP> iPod
15/10/2007 17:44 <REP> Java
30/03/2008 11:58 <REP> JS Star
04/12/2007 17:46 <REP> Lambda
22/09/2007 09:29 <REP> Lasermedia
10/05/2007 12:26 <REP> Logitech
09/05/2007 17:42 <REP> Messenger
22/09/2007 16:57 <REP> Messenger Plus! Live
09/05/2007 14:29 <REP> microsoft frontpage
21/07/2007 19:53 <REP> Microsoft Visual Studio
21/07/2007 19:53 <REP> Microsoft Works
21/07/2007 19:57 <REP> Microsoft.NET
30/11/2007 18:09 <REP> Mindscape
17/06/2007 18:28 <REP> Montparnasse Multimedia - GEO
18/11/2007 14:26 <REP> Movie Maker
12/04/2008 17:09 <REP> Mozilla Firefox
12/04/2008 17:04 <REP> Mozilla Thunderbird
14/01/2008 22:28 <REP> MSBuild
09/05/2007 22:05 <REP> MSN
09/05/2007 14:25 <REP> MSN Gaming Zone
17/02/2008 16:45 <REP> MSN Messenger
09/05/2007 19:22 <REP> MSXML 4.0
15/01/2008 20:54 <REP> MSXML 6.0
12/04/2008 14:25 <REP> Navilog1
09/05/2007 14:26 <REP> NetMeeting
04/04/2008 15:00 <REP> Norton Security Scan
09/05/2007 14:25 <REP> Online Services
30/03/2008 12:56 <REP> OpenOffice.org 2.0
18/03/2008 10:47 <REP> Outlook Express
17/12/2007 22:04 <REP> PhotoFiltre
10/04/2008 09:40 <REP> Picasa2
22/09/2007 16:26 <REP> Pidgin
17/08/2007 18:22 <REP> Playmobil
23/11/2007 16:07 <REP> QuickTime
06/09/2007 13:20 <REP> Real
14/01/2008 22:24 <REP> Reference Assemblies
20/01/2008 12:50 <REP> Search Settings
23/02/2008 13:43 <REP> Securitoo
24/01/2008 09:23 <REP> Sega
09/05/2007 14:27 <REP> Services en ligne
12/03/2008 17:10 15 397 settings.dat
14/03/2008 19:24 <REP> SmartSound Software
15/01/2008 22:27 <REP> Sony
30/05/2007 14:33 <REP> Styliste3
27/05/2007 10:57 <REP> THQ
18/11/2007 11:23 <REP> TLC
15/12/2007 12:12 <REP> Ubi Soft
15/12/2007 12:08 <REP> UbiSoft
11/03/2004 14:27 40 960 Uninstall_CDS.exe
17/01/2008 12:14 <REP> uTorrent
19/03/2008 17:47 <REP> VSO
09/05/2007 17:12 <REP> Wanadoo
22/09/2007 16:57 <REP> Windows Live
18/11/2007 14:26 <REP> Windows Media Connect 2
05/02/2008 13:26 <REP> Windows Media Player
09/05/2007 14:25 <REP> Windows NT
18/10/2007 15:23 <REP> WinHex
09/05/2007 14:29 <REP> xerox
2 fichier(s) 56 357 octets
81 Rép(s) 17 783 386 112 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2425-E6DB

Répertoire de C:\Program Files\fichiers communs

29/03/2008 18:54 <REP> .
29/03/2008 18:54 <REP> ..
15/02/2008 10:31 <REP> Adobe
23/03/2008 14:22 <REP> Ahead
19/08/2007 15:13 <REP> Apple
29/02/2008 15:49 <REP> BOONTY Shared
21/07/2007 19:54 <REP> DESIGNER
09/05/2007 15:59 278 528 FDEUnInstaller.exe
14/03/2008 19:22 <REP> InstallShield
19/03/2008 13:01 <REP> InterVideo
19/05/2007 09:57 <REP> Java
10/05/2007 12:27 <REP> Logitech
14/01/2008 22:08 <REP> Microsoft Shared
09/05/2007 14:26 <REP> MSSoap
09/05/2007 16:13 <REP> ODBC
23/11/2007 11:37 <REP> PC SOFT
06/09/2007 13:20 <REP> Real
09/05/2007 14:26 <REP> Services
09/05/2007 16:13 <REP> SpeechEngines
14/03/2008 23:15 <REP> SureThing Shared
04/04/2008 18:12 <REP> Symantec Shared
21/07/2007 19:53 <REP> System
06/09/2007 13:20 <REP> xing shared
1 fichier(s) 278 528 octets
22 Rép(s) 17 783 382 016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 2425-E6DB

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

21/07/2007 19:54 <REP> .
21/07/2007 19:54 <REP> ..
21/07/2007 19:54 <REP> 1033
21/07/2007 19:54 <REP> 1036
11/07/2003 10:15 1 292 872 MSONSEXT.DLL
15/07/2003 06:52 35 896 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
11/07/2003 02:25 80 448 PKMWS.DLL
5 fichier(s) 1 659 186 octets
4 Rép(s) 17 783 382 016 octets libres




c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Documents\Ma musique\marie2\lesoldatrose_setup.exe
c:\Documents and Settings\All Users\Documents\Ma musique\marie2\screensaver_soldatrose.exe
c:\Documents and Settings\All Users\Documents\marie\marie2\lesoldatrose_setup.exe
c:\Documents and Settings\All Users\Documents\marie\marie2\screensaver_soldatrose.exe
c:\Documents and Settings\All Users\Documents\psp\7368_psp_max_media_manager__convert___transfer_movies_to_psp_.exe
c:\Documents and Settings\All Users\Documents\psp\dotnetfx3setup.exe
c:\Documents and Settings\All Users\Documents\psp\MediaCenter120410.exe
c:\Documents and Settings\All Users\Documents\psp\mediamanager2.5_setup.exe
c:\Documents and Settings\All Users\Documents\psp\XviD4PSP_5026_full.exe
c:\Documents and Settings\All Users\Documents\psp\convertion\koyotesoft\Setup_FreeConverter.exe
c:\Documents and Settings\All Users\Documents\psp\convertion\PSPVideo9\psp-video_psp_video_9_1.74_francais_18025.exe
c:\Documents and Settings\All Users\Documents\téléchargement\adaware\a2AntiDialerSetup.exe
c:\Documents and Settings\All Users\Documents\téléchargement\adaware\a2HiJackFreeSetup.exe
c:\Documents and Settings\All Users\Documents\téléchargement\adaware\aaw2007.exe
c:\Documents and Settings\All Users\Documents\téléchargement\adaware\ad-aware_ad-aware_2007_7.0.2.5_anglais_12797.exe
c:\Documents and Settings\All Users\Documents\téléchargement\adaware\pllangs.exe
c:\Documents and Settings\All Users\Documents\téléchargement\advisor\advisor.exe
c:\Documents and Settings\All Users\Documents\téléchargement\aresregular\aresregular209_installer.exe
c:\Documents and Settings\All Users\Documents\téléchargement\avgAntirookIt\avgarkt-setup-1.1.0.42.exe
c:\Documents and Settings\All Users\Documents\téléchargement\belarcadvisor\belarc-advisor_belarc_advisor_7.2.20.7_anglais_18178.exe
c:\Documents and Settings\All Users\Documents\téléchargement\ccleaner\ccsetup206.exe
c:\Documents and Settings\All Users\Documents\téléchargement\conversionVideo\Setup_FreeVideoConverter.exe
c:\Documents and Settings\All Users\Documents\téléchargement\conversionVideo\super_super_v2007_build_23_anglais_19891.exe
c:\Documents and Settings\All Users\Documents\téléchargement\conversionVideo\ConvertXtoDVD\vsoConvertXtoDVD3_setup.exe
c:\Documents and Settings\All Users\Documents\téléchargement\conversionVideo\GSpot260RC1\GSpot.exe
c:\Documents and Settings\All Users\Documents\téléchargement\conversionVideo\mediacoder\MediaCoder-0.6.0.3798.exe
c:\Documents and Settings\All Users\Documents\téléchargement\conversionVideo\TMPGEnc-2.521.58.169-Free\TMPGEnc.exe
c:\Documents and Settings\All Users\Documents\téléchargement\DeepBurner\DeepBurner1.exe
c:\Documents and Settings\All Users\Documents\téléchargement\Framework .net\dotnetfx.exe
c:\Documents and Settings\All Users\Documents\téléchargement\gcompris\gcompris-8.3.2.exe
c:\Documents and Settings\All Users\Documents\téléchargement\gravure\Direct_CD_3.03a.exe
c:\Documents and Settings\All Users\Documents\téléchargement\gravure\fb_free.exe
c:\Documents and Settings\All Users\Documents\téléchargement\gravure\Setup_FreeBurner.exe
c:\Documents and Settings\All Users\Documents\téléchargement\icone\300_Icones.exe
c:\Documents and Settings\All Users\Documents\téléchargement\itune\iTunesSetup.exe
c:\Documents and Settings\All Users\Documents\téléchargement\Kerio\sunbelt-personal-firewall.exe
c:\Documents and Settings\All Users\Documents\téléchargement\Messenger\Install_Messenger.exe
c:\Documents and Settings\All Users\Documents\téléchargement\Messenger\MsgPlusLive-423.exe
c:\Documents and Settings\All Users\Documents\téléchargement\mozilla\Firefox Setup 2.0.0.9.exe
c:\Documents and Settings\All Users\Documents\téléchargement\mozilla\Thunderbird Setup 2.0.0.9.exe
c:\Documents and Settings\All Users\Documents\téléchargement\Shareaza\Shareaza 2.3.1.0 [Par Ratiatum.com].exe
c:\Documents and Settings\All Users\Documents\téléchargement\Tweak-XP\txp4trial.exe
c:\Documents and Settings\internet\Application Data\ezpinst.exe
c:\Documents and Settings\internet\Application Data\inst.exe
c:\Documents and Settings\internet\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
c:\Documents and Settings\internet\Application Data\Microsoft\Installer\{C619B312-19F3-460A-9F7B-443248379F18}\ARPPRODUCTICON.exe
c:\Documents and Settings\internet\Application Data\MSNInstaller\msnauins.exe
c:\Documents and Settings\internet\Application Data\Real\RealPlayer\Update\RealPlayer11GOLD.exe
c:\Documents and Settings\internet\Application Data\Sony Setup\46221573-1FC8-4EC3-B60C-85E1B8FBE4C6\langpack.exe
c:\Documents and Settings\internet\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\internet\Bureau\CxtMgrDlg.exe
c:\Documents and Settings\internet\Bureau\FileDigitalSignVerify.EXE
c:\Documents and Settings\internet\Bureau\PendMove.exe
c:\Documents and Settings\internet\Bureau\RenamePlus.EXE
c:\Documents and Settings\internet\Bureau\SREngPS.EXE
c:\Documents and Settings\internet\Bureau\TrayToolTipFix.exe
c:\Documents and Settings\internet\Bureau\WICleanupC.EXE
c:\Documents and Settings\internet\Bureau\WICleanupUI.EXE
c:\Documents and Settings\internet\Bureau\adrien\Bureau\3D_Ultra_Minigolf_Adventures-setup.exe
c:\Documents and Settings\internet\Bureau\adrien\Bureau\Alien_Stars-setup.exe
c:\Documents and Settings\internet\Bureau\adrien\Bureau\Chromadrome_2-setup(2).exe
c:\Documents and Settings\internet\Bureau\adrien\Bureau\Chromadrome_2-setup.exe
c:\Documents and Settings\internet\Bureau\adrien\Bureau\DirtBike.exe
c:\Documents and Settings\internet\Bureau\adrien\Bureau\Peggle-setup.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\internet\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\internet\Bureau\marie ancien\Bureau\marie\marie2\lesoldatrose_setup.exe
c:\Documents and Settings\internet\Bureau\marie ancien\Bureau\marie\marie2\screensaver_soldatrose.exe
c:\Documents and Settings\internet\Bureau\Outils et Sécurité\DSLtest20.exe
c:\Documents and Settings\internet\Bureau\tecktonik-girl\Bureau\minimoys\EmoticonesLove.exe
c:\Documents and Settings\internet\Bureau\tecktonik-girl\Bureau\tecktonik\gclkugs\lesoldatrose_setup.exe
c:\Documents and Settings\internet\Bureau\tecktonik-girl\Mes documents\Ma musique\lesoldatrose_setup.exe
c:\Documents and Settings\internet\Bureau\tecktonik-girl\Mes documents\Ma musique\screensaver_soldatrose.exe
c:\Documents and Settings\internet\Local Settings\Application Data\CDBurnerXP_Soft\cdbxpp.exe_Url_ibigjzvkuse2hwwr14gi0vqvafl5ifm4
c:\Documents and Settings\internet\Local Settings\Temp\NERO13823\Data\Redist\NL2WriteThrough.exe
c:\Documents and Settings\internet\Local Settings\Temp\nsr30.tmp\DivXComponentInstaller.exe
c:\Documents and Settings\internet\Local Settings\Temp\nsr30.tmp\LicenseActivator.exe
c:\Documents and Settings\internet\Local Settings\Temp\nsr76.tmp\DivXComponentInstaller.exe
c:\Documents and Settings\internet\Local Settings\Temp\nsr76.tmp\LicenseActivator.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_xxx.tar.gz a l'adresse http://upload.malekal.com






2008-04-12,17:33:31

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<PowerBar><> [N/A]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [N/A]
<Copernic Desktop Search 2><"d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<avast!><d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe > [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{85A9C42E-29DB-438A-8D09-A056493B9471}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebxxuv]
<WinlogonNotify: gebxxuv><gebxxuv.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<2425e674><; rundll32.exe "C:\WINDOWS\system32\ijxytiks.dll",b> [N/A]
<BM2716d5e8><; Rundll32.exe "C:\WINDOWS\system32\weihpxdx.dll",s> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools Lite><; "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DMXLauncher><; "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DW4><; "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<InCD><; C:\Program Files\Ahead\InCD\InCD.exe> [N/A]
<ISUSPM Startup><; C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup> [InstallShield Software Corporation]
<iTunesHelper><; "D:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<LogitechSoftwareUpdate><; "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<LogitechVideoRepair><; d:\Program Files\Logitech\Video\ISStart.exe > [Logitech Inc.]
<LogitechVideoTray><; d:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
<LVCOMSX><; C:\WINDOWS\system32\LVCOMSX.EXE> [Logitech Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
<MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Picasa Media Detector><; C:\Program Files\Picasa2\PicasaMediaDetector.exe> [(Verified)Google Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PowerBar><; "d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime> [Cyberlink, Corp.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<RemoteControl><; "d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<RoxioDragToDisc><; "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"> [N/A]
<RoxWatchTray><; "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"> [N/A]
<SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<SoundMAXPnP><; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SpybotSD TeaTimer><; d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SpybotSnD><; "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose> [(Verified)Safer Networking Ltd.]
<TkBellExe><; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windows update loader><; C:\Windows\xpupdate.exe> [N/A]

==================================
Startup Folders
[Outil de mise à jour Google]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk --> C:\Program Files\Google\Google Updater\GoogleUpdater.exe [N/A]><N>

==================================
Services
[a-squared Free Service / a2free][Running/Auto Start]
<"d:\Program Files\a-squared Free\a2service.exe"><Emsi Software GmbH>
[Apple Mobile Device / Apple Mobile Device][Stopped/Disabled]
<"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"d:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service>&l
FillPCA (Security contributor, 2242 posts)
Re,

1/ # Download VundoFix (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
# Double-click VundoFix.exe to launch it.
# Click the Scan for Vundo button.
# When the scan is complete, click the Remove Vundo button (only if infected files are found).
# A prompt will ask you whether you want to delete the files; click YES.
# After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
# You will see a prompt telling you that your PC is going to restart; click OK.
# Copy/paste the contents of the report located at C:\vundofix.txt

2/ Download HijackThis and produce a report:
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Illustrated demo:
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

3/ Post a new SREng report in another reply. This one was incomplete.

FillPCA
Ketmie (Member, 14 posts)
Good evening,
VundoFix did not find any infected files.
I hope the SREng report is complete.

A window appears when SREng starts:
System Repair Engineer

Warning! System repair engineer remind you that following functions
have modified to abnormal values by unknown reasons :
Entrypoint Error : createprocesseA
“ “ : createprocessW
“ “ : createremotethread
“ “ : createthread
“ “ : WriteProcessMemory
“ “ : SetwindowsHookExa
“ “ : SetWindowsHookExW

Details -> opens a window "hapi hook detection reports"
with a button "fix entry point error"

Thanks for your help
Ketmie

=======================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:23, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Program Files\a-squared Free\a2service.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\internet\Bureau\VERIFICATION\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12222777-BD3B-4D34-BED7-37F79F2F0B19} - (no file)
O2 - BHO: (no name) - {1308A366-B5A7-4E04-AF70-C0CAB161CBAE} - (no file)
O2 - BHO: (no name) - {18931A5B-D1FC-436A-A93E-A3298C082C84} - (no file)
O2 - BHO: (no name) - {1A2DFDCD-4D2A-4C71-A787-B88FC18284A3} - (no file)
O2 - BHO: {f5067e98-951c-8fe8-ad54-1d6f789e8c42} - {24c8e987-f6d1-45da-8ef8-c15989e7605f} - (no file)
O2 - BHO: (no name) - {49139752-B1DD-468B-862F-F92F31CBD5FA} - (no file)
O2 - BHO: (no name) - {4c5b44d9-aa3f-4287-b127-3e1579acfa6d} - (no file)
O2 - BHO: (no name) - {633DF5DD-610A-4A9C-936F-C4D6B22DE595} - (no file)
O2 - BHO: (no name) - {7523e0a7-a29b-44ca-8fe0-d3fdeea543ad} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {793fe1aa-3ef1-44f8-9caa-c2a828b094cc} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85A9C42E-29DB-438A-8D09-A056493B9471} - (no file)
O2 - BHO: (no name) - {930D9531-8829-4508-8015-10791031CB34} - (no file)
O2 - BHO: (no name) - {9D7140BF-46C7-4E9F-9CA7-037946D7FB87} - (no file)
O2 - BHO: (no name) - {A0341296-454F-4879-9A42-2B7C6CBCE10C} - (no file)
O2 - BHO: (no name) - {A8BC5D43-3D56-49C2-B1FA-ADE3822CB2DD} - (no file)
O2 - BHO: (no name) - {AC155E15-0D7B-4DD2-A003-B4D8DE853F44} - (no file)
O2 - BHO: (no name) - {AD236356-032D-44A3-B471-E7BDDC25CC19} - (no file)
O2 - BHO: (no name) - {AD463D78-62B1-4DE3-81D5-98358094B6FB} - (no file)
O2 - BHO: (no name) - {b259391c-3728-45b3-bb3a-9403011274cf} - (no file)
O2 - BHO: (no name) - {BEF5EDA7-C25D-45F5-B62F-30AB788053F0} - (no file)
O2 - BHO: (no name) - {CFC90FCC-B056-4469-9596-A0C9A3B4F1DB} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: (no name) - {E49FC034-9BE9-440F-830C-102FB31A07F7} - (no file)
O2 - BHO: (no name) - {E5EC2310-72B4-48B0-BFFA-568404C24DA8} - (no file)
O2 - BHO: (no name) - {E8E0D5A0-FCB1-45C3-A987-B6EF5CE941EC} - (no file)
O2 - BHO: (no name) - {F0C6DB6A-E85D-461C-9247-6C3B0AB75491} - (no file)
O2 - BHO: (no name) - {F2760264-23EE-4CAA-BEAA-E06FABF5287B} - (no file)
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2425e674] ; rundll32.exe "C:\WINDOWS\system32\ijxytiks.dll",b
O4 - HKLM\..\Run: [BM2716d5e8] ; Rundll32.exe "C:\WINDOWS\system32\weihpxdx.dll",s
O4 - HKLM\..\Run: [DMXLauncher] ; "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] ; "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechVideoRepair] ; d:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; d:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] ; C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] ; C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] ; "d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] ; "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] ; "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SoundMAX] ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SpybotSnD] ; "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] ; "d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] ; "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] ; d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows update loader] ; C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22C103E-6534-4EBF-9C10-5FD44EECFCD0}: NameServer = 80.10.246.1,80.10.246.132
O20 - Winlogon Notify: gebxxuv - gebxxuv.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
FillPCA Posts 2242 Registration date   Status Security contributor Last activity   123
 
Re,

Your machine looks infected.

* Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan has completed, a report will appear. Copy/paste that report into your next reply.
* If you can't find it, it is here: C:\ComboFix.txt

Also post a new HijackThis log.

FillPCA

Ketmie Posts 14 Registration date   Status Member Last activity
 
Re,

Here are the 2 reports.
Thanks,
Ketmie


ComboFix 08-04-12.1 - internet 2008-04-12 23:11:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.226 [GMT 2:00]
Endroit: C:\Documents and Settings\internet\Bureau\VERIFICATION\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\menu.bat
C:\WINDOWS\BM2716d5e8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 17:21 . 2008-04-12 17:21 10,106,251 --a------ C:\upload_moi_FAMILLE-DAUGAN.tar.gz
2008-04-12 14:18 . 2008-04-12 19:55 <REP> d-------- C:\Program Files\Navilog1
2008-04-10 09:33 . 2008-04-10 09:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 09:33 . 2008-04-10 09:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 09:47 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 09:47 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 16:29 . 2008-04-03 16:38 3,932,214 --a------ C:\WINDOWS\Papier-peint-PhotoFiltre.bmp
2008-04-02 10:05 . 2008-04-02 10:05 <REP> d-------- C:\Program Files\Futuroscope Experience ADF
2008-03-31 18:33 . 2008-03-31 18:33 <REP> d-------- C:\Documents and Settings\internet\Application Data\.BitTornado
2008-03-29 17:27 . 2008-03-29 17:30 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-03-27 16:05 . 2008-03-27 16:48 1,681 --a------ C:\WINDOWS\[u]0[/u]
2008-03-27 16:05 . 2008-03-27 16:48 220 --a------ C:\WINDOWS\Faux
2008-03-27 16:05 . 2008-03-27 16:48 102 --a------ C:\WINDOWS\Times New Roman
2008-03-25 17:20 . 2008-03-26 13:13 1,254 ---hs---- C:\WINDOWS\system32\bmvbppkp.ini
2008-03-25 16:20 . 2008-03-25 16:20 1,014 ---hs---- C:\WINDOWS\system32\gdmyhpxt.ini
2008-03-25 14:16 . 2008-04-07 14:13 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-24 16:20 . 2008-03-25 14:59 954 ---hs---- C:\WINDOWS\system32\clwmuijp.ini
2008-03-23 16:18 . 2008-03-24 16:19 654 ---hs---- C:\WINDOWS\system32\ttrindja.ini
2008-03-23 14:22 . 2008-03-23 14:22 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-03-23 14:22 . 2008-03-23 14:22 <REP> d-------- C:\Program Files\Ahead
2008-03-23 14:22 . 2001-07-06 15:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-03-23 14:22 . 2001-07-06 13:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-03-23 14:22 . 2001-07-06 19:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-03-23 14:22 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-23 14:22 . 2000-06-26 12:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-23 14:22 . 2001-06-26 09:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-03-23 14:19 . 2002-12-11 21:11 37,916 --a------ C:\WINDOWS\WMPrfFRA.prx
2008-03-23 14:18 . 2008-03-23 14:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-22 20:06 . 2008-03-22 20:06 100 --a------ C:\index.ini
2008-03-22 16:13 . 2008-03-23 11:36 534 ---hs---- C:\WINDOWS\system32\iwipvnug.ini
2008-03-21 19:12 . 2008-03-21 19:41 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-21 13:15 . 2008-03-21 18:17 3,354 ---hs---- C:\WINDOWS\system32\skityxji.ini
2008-03-19 22:06 . 2008-03-21 12:36 3,174 ---hs---- C:\WINDOWS\system32\nwvmqkyc.ini
2008-03-19 20:33 . 2008-03-19 20:33 294 ---hs---- C:\WINDOWS\system32\rpkencbp.ini
2008-03-19 17:47 . 2008-03-19 17:47 <REP> d-------- C:\Program Files\VSO
2008-03-19 17:47 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-19 17:47 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-19 17:47 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-19 17:47 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-19 17:47 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-19 13:10 . 2008-03-19 22:06 2,754 ---hs---- C:\WINDOWS\system32\bctahkus.ini
2008-03-19 13:02 . 2008-03-19 13:02 <REP> d-------- C:\Documents and Settings\internet\Application Data\InterVideo
2008-03-19 13:01 . 2008-03-19 13:01 <REP> d-------- C:\Program Files\Fichiers communs\InterVideo
2008-03-19 12:57 . 2008-03-19 12:57 <REP> d-------- C:\Program Files\InterVideo
2008-03-19 12:57 . 2008-03-19 12:57 <REP> d-------- C:\Program Files\Creative
2008-03-19 12:57 . 2003-01-27 17:32 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2008-03-19 12:57 . 2003-09-11 11:52 315,376 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-03-19 12:57 . 2003-07-14 17:49 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2008-03-19 12:57 . 2003-09-11 11:52 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2008-03-19 12:21 . 2008-03-19 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-18 23:22 . 2008-03-19 17:47 87,608 --a------ C:\Documents and Settings\internet\Application Data\inst.exe
2008-03-18 15:49 . 2004-05-26 07:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-03-18 15:49 . 2006-09-16 05:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-03-18 15:36 . 2008-03-18 15:42 <REP> d-------- C:\Documents and Settings\internet\Application Data\Pegasys Inc
2008-03-18 15:34 . 2008-03-18 15:33 122,512 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2008-03-18 15:34 . 2008-03-18 15:33 56,976 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2008-03-18 15:34 . 2008-03-18 15:33 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-03-18 13:07 . 2008-03-18 18:48 <REP> d-------- C:\Program Files\DivX
2008-03-16 23:23 . 2006-03-04 14:00 241,664 --a------ C:\WINDOWS\system32\drivers\c2scsi.sys
2008-03-16 22:11 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\internet\Application Data\DeepBurner
2008-03-16 20:52 . 2008-03-19 12:19 2,514 ---hs---- C:\WINDOWS\system32\mbrdpcks.ini
2008-03-15 19:36 . 2008-03-16 20:47 834 ---hs---- C:\WINDOWS\system32\bkiqxgpf.ini
2008-03-14 23:22 . 2008-03-17 00:18 <REP> d-------- C:\Program Files\InterActual
2008-03-14 23:15 . 2008-03-14 23:15 <REP> d-------- C:\Program Files\Fichiers communs\SureThing Shared
2008-03-14 20:04 . 2008-03-14 22:34 1,049,096 --a------ C:\WINDOWS\pfirewall.log.old
2008-03-14 19:53 . 2008-03-14 23:25 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-14 19:53 . 2008-03-18 19:18 <REP> d-------- C:\Documents and Settings\internet\Application Data\Roxio
2008-03-14 19:42 . 2008-03-14 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-14 19:32 . 2008-03-18 19:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-14 19:24 . 2008-03-14 19:24 <REP> d-------- C:\Program Files\SmartSound Software
2008-03-14 19:24 . 2008-03-14 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-03-14 19:23 . 2008-03-14 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-14 19:21 . 2007-03-12 17:42 3,495,784 --------- C:\WINDOWS\system32\d3dx9_33.dll
2008-03-14 19:21 . 2007-03-12 17:42 1,123,696 --------- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-03-14 19:21 . 2007-03-15 17:57 443,752 --------- C:\WINDOWS\system32\d3dx10_33.dll
2008-03-14 17:43 . 2008-03-15 18:18 1,734 ---hs---- C:\WINDOWS\system32\vhdqighx.ini
2008-03-14 16:43 . 2008-03-14 16:43 <REP> d-------- C:\Documents and Settings\internet\Application Data\DAEMON Tools
2008-03-14 15:50 . 2008-04-12 21:45 <REP> d-------- C:\VundoFix Backups
2008-03-13 20:09 . 2008-04-11 21:39 <REP> d-------- C:\Documents and Settings\internet\Application Data\Vso
2008-03-13 20:09 . 2008-03-18 15:50 81,920 --a------ C:\Documents and Settings\internet\Application Data\ezpinst.exe
2008-03-13 20:09 . 2008-03-19 17:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-13 20:09 . 2008-03-19 17:47 47,360 --a------ C:\Documents and Settings\internet\Application Data\pcouffin.sys
2008-03-13 19:41 . 2008-03-13 19:44 145 --------- C:\WINDOWS\system32\installerror.dat
2008-03-13 18:35 . 2008-03-14 17:40 1,314 --------- C:\WINDOWS\system32\hormmisu.ini
2008-03-13 11:43 . 2008-03-13 11:43 <REP> d-------- C:\Documents and Settings\internet\Application Data\Nero
2008-03-13 11:35 . 2008-03-18 10:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-12 17:10 . 2008-03-12 17:10 15,397 --a------ C:\Program Files\settings.dat
2008-03-12 14:55 . 2008-03-12 14:55 <REP> d-------- C:\Documents and Settings\internet\Application Data\FinalBurner Video DVD
2008-03-12 12:25 . 2008-03-24 17:30 <REP> d-------- C:\Documents and Settings\internet\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 20:42 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-12 15:41 49,630 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-12 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 13:29 --------- d-----w C:\Documents and Settings\internet\Application Data\uTorrent
2008-04-10 07:40 --------- d-----w C:\Program Files\Picasa2
2008-04-05 17:23 --------- d-----w C:\Documents and Settings\internet\Application Data\U3
2008-04-04 16:12 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-04 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-31 16:33 --------- d-----w C:\Documents and Settings\internet\Application Data\.BitTornado
2008-03-30 10:56 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-03-30 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 09:58 --------- d-----w C:\Program Files\JS Star
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:17 --------- d-----w C:\Program Files\Google
2008-03-23 12:18 --------- d-----w C:\Program Files\CyberLink
2008-03-20 11:10 --------- d-----w C:\Documents and Settings\internet\Application Data\OpenOffice.org2
2008-03-14 17:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-10 13:49 --------- d-----w C:\Program Files\free-downloads.net
2008-03-10 13:49 --------- d-----w C:\Program Files\Conduit
2008-03-10 13:42 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-06 15:31 716,272 ------w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-29 14:51 --------- d-----w C:\Program Files\BoontyGames
2008-02-29 13:49 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-02-29 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-02-26 19:34 --------- d-----w C:\Documents and Settings\internet\Application Data\Azureus
2008-02-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-23 12:10 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-02-23 12:06 --------- d-----w C:\Program Files\Gamenext
2008-02-23 11:43 --------- d-----w C:\Program Files\Securitoo
2008-02-17 14:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-15 08:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 17:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-09 13:59 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1998-09-29 12:56 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12222777-BD3B-4D34-BED7-37F79F2F0B19}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1308A366-B5A7-4E04-AF70-C0CAB161CBAE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18931A5B-D1FC-436A-A93E-A3298C082C84}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A2DFDCD-4D2A-4C71-A787-B88FC18284A3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24c8e987-f6d1-45da-8ef8-c15989e7605f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49139752-B1DD-468B-862F-F92F31CBD5FA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c5b44d9-aa3f-4287-b127-3e1579acfa6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{633DF5DD-610A-4A9C-936F-C4D6B22DE595}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7523e0a7-a29b-44ca-8fe0-d3fdeea543ad}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{793fe1aa-3ef1-44f8-9caa-c2a828b094cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930D9531-8829-4508-8015-10791031CB34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D7140BF-46C7-4E9F-9CA7-037946D7FB87}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0341296-454F-4879-9A42-2B7C6CBCE10C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8BC5D43-3D56-49C2-B1FA-ADE3822CB2DD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC155E15-0D7B-4DD2-A003-B4D8DE853F44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD236356-032D-44A3-B471-E7BDDC25CC19}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD463D78-62B1-4DE3-81D5-98358094B6FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b259391c-3728-45b3-bb3a-9403011274cf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF5EDA7-C25D-45F5-B62F-30AB788053F0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC90FCC-B056-4469-9596-A0C9A3B4F1DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 12:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E49FC034-9BE9-440F-830C-102FB31A07F7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5EC2310-72B4-48B0-BFFA-568404C24DA8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8E0D5A0-FCB1-45C3-A987-B6EF5CE941EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0C6DB6A-E85D-461C-9247-6C3B0AB75491}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2760264-23EE-4CAA-BEAA-E06FABF5287B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"PowerBar"="d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Copernic Desktop Search 2"="d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [ ]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"SpybotSD TeaTimer"="d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"2425e674"="C:\WINDOWS\system32\ijxytiks.dll" [ ]
"BM2716d5e8"="C:\WINDOWS\system32\weihpxdx.dll" [ ]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [ ]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 17:50 221184]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"LogitechVideoRepair"="d:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="d:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"RemoteControl"="d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [ ]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [ ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SpybotSnD"="D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 13:20 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxxuv]
gebxxuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^internet^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=C:\Documents and Settings\internet\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\Win32\\RpcDataSrv.exe"=
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\RpcSandraSrv.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sony\\Media Manager for PSP 2.5\\MediaManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6653:TCP"= 6653:TCP:*:Disabled:Port TCP emule
"47071:UDP"= 47071:UDP:*:Disabled:Port UDP d'emule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 10:56]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 10:56]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-23 00:32]
S1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 14:00]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-02-29 15:49]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 12:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59b8104-1013-11dc-8b32-00112fda7a70}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59b8105-1013-11dc-8b32-00112fda7a70}]
\Shell\AutoRun\command - I:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-01 12:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 23:18:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\a-squared Free\a2service.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-12 23:22:17 - machine was rebooted [internet]
ComboFix-quarantined-files.txt 2008-04-12 21:22:06
Pre-Run: 17,639,026,688 octets libres
Post-Run: 17,564,037,120 octets libres
.
2008-04-11 19:47:38 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:10, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\a-squared Free\a2service.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\internet\Bureau\VERIFICATION\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12222777-BD3B-4D34-BED7-37F79F2F0B19} - (no file)
O2 - BHO: (no name) - {1308A366-B5A7-4E04-AF70-C0CAB161CBAE} - (no file)
O2 - BHO: (no name) - {18931A5B-D1FC-436A-A93E-A3298C082C84} - (no file)
O2 - BHO: (no name) - {1A2DFDCD-4D2A-4C71-A787-B88FC18284A3} - (no file)
O2 - BHO: {f5067e98-951c-8fe8-ad54-1d6f789e8c42} - {24c8e987-f6d1-45da-8ef8-c15989e7605f} - (no file)
O2 - BHO: (no name) - {49139752-B1DD-468B-862F-F92F31CBD5FA} - (no file)
O2 - BHO: (no name) - {4c5b44d9-aa3f-4287-b127-3e1579acfa6d} - (no file)
O2 - BHO: (no name) - {633DF5DD-610A-4A9C-936F-C4D6B22DE595} - (no file)
O2 - BHO: (no name) - {7523e0a7-a29b-44ca-8fe0-d3fdeea543ad} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {793fe1aa-3ef1-44f8-9caa-c2a828b094cc} - (no file)
O2 - BHO: (no name) - {930D9531-8829-4508-8015-10791031CB34} - (no file)
O2 - BHO: (no name) - {9D7140BF-46C7-4E9F-9CA7-037946D7FB87} - (no file)
O2 - BHO: (no name) - {A0341296-454F-4879-9A42-2B7C6CBCE10C} - (no file)
O2 - BHO: (no name) - {A8BC5D43-3D56-49C2-B1FA-ADE3822CB2DD} - (no file)
O2 - BHO: (no name) - {AC155E15-0D7B-4DD2-A003-B4D8DE853F44} - (no file)
O2 - BHO: (no name) - {AD236356-032D-44A3-B471-E7BDDC25CC19} - (no file)
O2 - BHO: (no name) - {AD463D78-62B1-4DE3-81D5-98358094B6FB} - (no file)
O2 - BHO: (no name) - {b259391c-3728-45b3-bb3a-9403011274cf} - (no file)
O2 - BHO: (no name) - {BEF5EDA7-C25D-45F5-B62F-30AB788053F0} - (no file)
O2 - BHO: (no name) - {CFC90FCC-B056-4469-9596-A0C9A3B4F1DB} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: (no name) - {E49FC034-9BE9-440F-830C-102FB31A07F7} - (no file)
O2 - BHO: (no name) - {E5EC2310-72B4-48B0-BFFA-568404C24DA8} - (no file)
O2 - BHO: (no name) - {E8E0D5A0-FCB1-45C3-A987-B6EF5CE941EC} - (no file)
O2 - BHO: (no name) - {F0C6DB6A-E85D-461C-9247-6C3B0AB75491} - (no file)
O2 - BHO: (no name) - {F2760264-23EE-4CAA-BEAA-E06FABF5287B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2425e674] ; rundll32.exe "C:\WINDOWS\system32\ijxytiks.dll",b
O4 - HKLM\..\Run: [BM2716d5e8] ; Rundll32.exe "C:\WINDOWS\system32\weihpxdx.dll",s
O4 - HKLM\..\Run: [DMXLauncher] ; "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] ; "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] ; d:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; d:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] ; C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] ; C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] ; "d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] ; "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] ; "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SoundMAX] ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SpybotSnD] ; "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] ; "d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] ; "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] ; d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22C103E-6534-4EBF-9C10-5FD44EECFCD0}: NameServer = 80.10.246.1,80.10.246.132
O20 - Winlogon Notify: gebxxuv - gebxxuv.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
FillPCA Posts 2242 Registration date   Status Security contributor Last activity   123
 
Hello,

1/ * Select the following text:

Driver::
SessionLauncher

Registry::
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1308A366-B5A7-4E04-AF70-C0CAB161CBAE}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18931A5B-D1FC-436A-A93E-A3298C082C84}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A2DFDCD-4D2A-4C71-A787-B88FC18284A3}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5067e98-951c-8fe8-ad54-1d6f789e8c42}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49139752-B1DD-468B-862F-F92F31CBD5FA}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c5b44d9-aa3f-4287-b127-3e1579acfa6d}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{633DF5DD-610A-4A9C-936F-C4D6B22DE595}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7523e0a7-a29b-44ca-8fe0-d3fdeea543ad}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{793fe1aa-3ef1-44f8-9caa-c2a828b094cc}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12222777-BD3B-4D34-BED7-37F79F2F0B19}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930D9531-8829-4508-8015-10791031CB34}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D7140BF-46C7-4E9F-9CA7-037946D7FB87}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0341296-454F-4879-9A42-2B7C6CBCE10C}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8BC5D43-3D56-49C2-B1FA-ADE3822CB2DD}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC155E15-0D7B-4DD2-A003-B4D8DE853F44}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD236356-032D-44A3-B471-E7BDDC25CC19}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD463D78-62B1-4DE3-81D5-98358094B6FB}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b259391c-3728-45b3-bb3a-9403011274cf}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEF5EDA7-C25D-45F5-B62F-30AB788053F0}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFC90FCC-B056-4469-9596-A0C9A3B4F1DB}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E49FC034-9BE9-440F-830C-102FB31A07F7}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5EC2310-72B4-48B0-BFFA-568404C24DA8}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8E0D5A0-FCB1-45C3-A987-B6EF5CE941EC}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0C6DB6A-E85D-461C-9247-6C3B0AB75491}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2760264-23EE-4CAA-BEAA-E06FABF5287B}]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2425e674"=-
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM2716d5e8"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebxxuv]

File::
C:\WINDOWS\system32\bmvbppkp.ini
C:\WINDOWS\system32\gdmyhpxt.ini
C:\WINDOWS\system32\clwmuijp.ini
C:\WINDOWS\system32\ttrindja.ini
C:\WINDOWS\system32\iwipvnug.ini
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\system32\skityxji.ini
C:\WINDOWS\system32\nwvmqkyc.ini
C:\WINDOWS\system32\rpkencbp.ini
C:\WINDOWS\system32\mbrdpcks.ini
C:\WINDOWS\system32\bkiqxgpf.ini
C:\WINDOWS\system32\vhdqighx.ini
C:\WINDOWS\system32\ijxytiks.dll
C:\WINDOWS\system32\weihpxdx.dll

Folder::
C:\Program Files\Search Settings

DirLook::
C:\WINDOWS\0


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file as shown in the screenshot
http://img443.imageshack.us/img443/1839/cfscriptgo1.gif
* A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will open: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt

2/ Also post a HijackThis log.

FillPCA
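As an added example (not part of the thread, and not FillPCA's, HijackThis's or ComboFix's own code), here is a Python script that applies the triage behind the CFScript above to a constructed excerpt of the posted HijackThis log: BHO CLSIDs registered with no DLL on disk, hex-named Run values loading random eight-letter DLLs through rundll32, a Winlogon Notify package whose DLL is missing, and a service started from a Temp directory. It then lays the hits out in the Driver::/Registry::/File:: sections the script above uses; the line patterns, heuristics and registry spellings are assumptions made here, not either tool's own logic.

```python
"""Added example, not the thread's own tool: triage the HijackThis lines that the
CFScript above targets and lay the hits out in CFScript sections."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the HijackThis log posted in the thread.
HJT_EXCERPT = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12222777-BD3B-4D34-BED7-37F79F2F0B19} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2425e674] ; rundll32.exe "C:\WINDOWS\system32\ijxytiks.dll",b
O4 - HKLM\..\Run: [BM2716d5e8] ; Rundll32.exe "C:\WINDOWS\system32\weihpxdx.dll",s
O20 - Winlogon Notify: gebxxuv - gebxxuv.dll (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Registry paths spelled the way the CFScript on this page spells them (assumption).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_KEYS = {"HKLM": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            "HKCU": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# HijackThis line shapes, assumed from the log above (not HijackThis's own grammar).
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] ?;? ?(?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?$")
RE_O23 = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<vendor>.*?) - (?P<path>.*?)(?: \(file missing\))?$")
# Vundo-style loader: hex value name, rundll32 on an 8-lowercase-letter DLL with a one-letter export.
RE_RANDOM_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$")
RE_RUNDLL = re.compile(r'^[Rr]undll32\.exe "(?P<dll>[^"]*\\[a-z]{8}\.dll)",[a-z]$')


@dataclass
class Findings:
    reasons: list = field(default_factory=list)   # (log line, why it was flagged)
    drivers: list = field(default_factory=list)   # CFScript Driver:: entries
    registry: list = field(default_factory=list)  # CFScript Registry:: entries
    files: list = field(default_factory=list)     # CFScript File:: entries


def service_short_name(desc: str) -> str:
    """HijackThis prints 'Display name (ServiceName)'; Driver:: wants the service name."""
    m = re.search(r"\((?P<short>[^()]+)\)$", desc)
    return m["short"] if m else desc


def triage(log_text: str) -> Findings:
    """Flag the four indicator classes the CFScript above removes."""
    f = Findings()
    for line in (raw.strip() for raw in log_text.splitlines() if raw.strip()):
        if m := RE_O2.match(line):
            # CLSID still registered although the DLL is gone: delete the orphaned key.
            if m["path"] == "(no file)":
                f.registry.append(f"[-{BHO_KEY}\\{m['clsid']}]")
                f.reasons.append((line, "BHO registered with no DLL on disk"))
        elif m := RE_O4.match(line):
            r = RE_RUNDLL.match(m["cmd"])
            if r and RE_RANDOM_NAME.match(m["name"]):
                # Drop the Run value and queue the DLL it loads for deletion.
                f.registry.append(f'[{RUN_KEYS[m["hive"]]}]\n"{m["name"]}"=-')
                f.files.append(r["dll"])
                f.reasons.append((line, "hex-named Run value loading a random DLL via rundll32"))
        elif m := RE_O20.match(line):
            if m["missing"]:
                f.registry.append(f"[-{NOTIFY_KEY}\\{m['name']}]")
                f.reasons.append((line, "Winlogon Notify package whose DLL is missing"))
        elif m := RE_O23.match(line):
            if "\\temp\\" in m["path"].lower():
                f.drivers.append(service_short_name(m["desc"]))
                f.reasons.append((line, "service whose binary lives under a Temp directory"))
    return f


def render_cfscript(f: Findings) -> str:
    """Emit the Driver:: / Registry:: / File:: sections in the layout ComboFix reads."""
    parts = []
    if f.drivers:
        parts.append("Driver::\n" + "\n".join(f.drivers))
    if f.registry:
        parts.append("Registry::\n" + "\n".join(f.registry))
    if f.files:
        parts.append("File::\n" + "\n".join(f.files))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    found = triage(HJT_EXCERPT)
    for line, why in found.reasons:
        print(f"{why}:\n    {line}")
    print("\n--- CFScript.txt ---\n" + render_cfscript(found))
```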
Ketmie Posts 14 Registration date   Status Member Last activity  
 
Hello,

Here are the reports

Thanks
Ketmie

P.S.
The version of ComboFix I downloaded has a different interface:
* A blue window will appear: (at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.)
-> a window offers a link to information about ComboFix
-> buttons Yes (continue) No (Stop)

==========================
ComboFix 08-04-12.1 - internet 2008-04-13 11:06:19.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.226 [GMT 2:00]
Endroit: C:\Documents and Settings\internet\Bureau\VERIFICATION\ComboFix.exe
Command switches used :: C:\Documents and Settings\internet\Bureau\cfscript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\system32\bkiqxgpf.ini
C:\WINDOWS\system32\bmvbppkp.ini
C:\WINDOWS\system32\clwmuijp.ini
C:\WINDOWS\system32\gdmyhpxt.ini
C:\WINDOWS\system32\ijxytiks.dll
C:\WINDOWS\system32\iwipvnug.ini
C:\WINDOWS\system32\mbrdpcks.ini
C:\WINDOWS\system32\nwvmqkyc.ini
C:\WINDOWS\system32\rpkencbp.ini
C:\WINDOWS\system32\skityxji.ini
C:\WINDOWS\system32\ttrindja.ini
C:\WINDOWS\system32\vhdqighx.ini
C:\WINDOWS\system32\weihpxdx.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\internet\Application Data\inst.exe
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb125\res\ErrorPageTemplate.css
C:\Program Files\Search Settings\kb125\res\help.gif
C:\Program Files\Search Settings\kb125\res\pixel.gif
C:\Program Files\Search Settings\kb125\res\tab_icon.png
C:\Program Files\Search Settings\kb125\res\tabdata.js
C:\Program Files\Search Settings\kb125\res\tablib.js
C:\Program Files\Search Settings\kb125\res\tabwelcome_en.html
C:\Program Files\Search Settings\kb125\res\toolbar_background.gif
C:\Program Files\Search Settings\kb125\res\vista_directions.png
C:\Program Files\Search Settings\kb125\res\xp_directions.png
C:\Program Files\Search Settings\kb125\res\yahoo_search.gif
C:\Program Files\Search Settings\kb125\SearchSettings.dll
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\bkiqxgpf.ini
C:\WINDOWS\system32\bmvbppkp.ini
C:\WINDOWS\system32\clwmuijp.ini
C:\WINDOWS\system32\gdmyhpxt.ini
C:\WINDOWS\system32\iwipvnug.ini
C:\WINDOWS\system32\mbrdpcks.ini
C:\WINDOWS\system32\nwvmqkyc.ini
C:\WINDOWS\system32\rpkencbp.ini
C:\WINDOWS\system32\skityxji.ini
C:\WINDOWS\system32\ttrindja.ini
C:\WINDOWS\system32\vhdqighx.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 17:21 . 2008-04-12 17:21 10,106,251 --a------ C:\upload_moi_FAMILLE-DAUGAN.tar.gz
2008-04-12 14:18 . 2008-04-12 19:55 <REP> d-------- C:\Program Files\Navilog1
2008-04-10 09:33 . 2008-04-10 09:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 09:33 . 2008-04-10 09:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 09:47 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 09:47 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 16:29 . 2008-04-03 16:38 3,932,214 --a------ C:\WINDOWS\Papier-peint-PhotoFiltre.bmp
2008-04-02 10:05 . 2008-04-02 10:05 <REP> d-------- C:\Program Files\Futuroscope Experience ADF
2008-03-31 18:33 . 2008-03-31 18:33 <REP> d-------- C:\Documents and Settings\internet\Application Data\.BitTornado
2008-03-29 17:27 . 2008-03-29 17:30 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-03-27 16:05 . 2008-03-27 16:48 1,681 --a------ C:\WINDOWS\0
2008-03-27 16:05 . 2008-03-27 16:48 220 --a------ C:\WINDOWS\Faux
2008-03-27 16:05 . 2008-03-27 16:48 102 --a------ C:\WINDOWS\Times New Roman
2008-03-25 14:16 . 2008-04-07 14:13 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-23 14:22 . 2008-03-23 14:22 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-03-23 14:22 . 2008-03-23 14:22 <REP> d-------- C:\Program Files\Ahead
2008-03-23 14:22 . 2001-07-06 15:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-03-23 14:22 . 2001-07-06 13:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-03-23 14:22 . 2001-07-06 19:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-03-23 14:22 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-23 14:22 . 2000-06-26 12:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-23 14:22 . 2001-06-26 09:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-03-23 14:19 . 2002-12-11 21:11 37,916 --a------ C:\WINDOWS\WMPrfFRA.prx
2008-03-23 14:18 . 2008-03-23 14:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-22 20:06 . 2008-03-22 20:06 100 --a------ C:\index.ini
2008-03-21 19:12 . 2008-03-21 19:41 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-19 17:47 . 2008-03-19 17:47 <REP> d-------- C:\Program Files\VSO
2008-03-19 17:47 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-19 17:47 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-19 17:47 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-19 17:47 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-19 17:47 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-19 13:10 . 2008-03-19 22:06 2,754 ---hs---- C:\WINDOWS\system32\bctahkus.ini
2008-03-19 13:02 . 2008-03-19 13:02 <REP> d-------- C:\Documents and Settings\internet\Application Data\InterVideo
2008-03-19 13:01 . 2008-03-19 13:01 <REP> d-------- C:\Program Files\Fichiers communs\InterVideo
2008-03-19 12:57 . 2008-03-19 12:57 <REP> d-------- C:\Program Files\InterVideo
2008-03-19 12:57 . 2008-03-19 12:57 <REP> d-------- C:\Program Files\Creative
2008-03-19 12:57 . 2003-01-27 17:32 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2008-03-19 12:57 . 2003-09-11 11:52 315,376 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-03-19 12:57 . 2003-07-14 17:49 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2008-03-19 12:57 . 2003-09-11 11:52 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2008-03-19 12:21 . 2008-03-19 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-18 15:49 . 2004-05-26 07:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-03-18 15:49 . 2006-09-16 05:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-03-18 15:36 . 2008-03-18 15:42 <REP> d-------- C:\Documents and Settings\internet\Application Data\Pegasys Inc
2008-03-18 15:34 . 2008-03-18 15:33 122,512 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2008-03-18 15:34 . 2008-03-18 15:33 56,976 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2008-03-18 15:34 . 2008-03-18 15:33 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-03-18 13:07 . 2008-03-18 18:48 <REP> d-------- C:\Program Files\DivX
2008-03-16 23:23 . 2006-03-04 14:00 241,664 --a------ C:\WINDOWS\system32\drivers\c2scsi.sys
2008-03-16 22:11 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\internet\Application Data\DeepBurner
2008-03-14 23:22 . 2008-03-17 00:18 <REP> d-------- C:\Program Files\InterActual
2008-03-14 23:15 . 2008-03-14 23:15 <REP> d-------- C:\Program Files\Fichiers communs\SureThing Shared
2008-03-14 20:04 . 2008-03-14 22:34 1,049,096 --a------ C:\WINDOWS\pfirewall.log.old
2008-03-14 19:53 . 2008-03-14 23:25 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-14 19:53 . 2008-03-18 19:18 <REP> d-------- C:\Documents and Settings\internet\Application Data\Roxio
2008-03-14 19:42 . 2008-03-14 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-14 19:32 . 2008-03-18 19:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-14 19:24 . 2008-03-14 19:24 <REP> d-------- C:\Program Files\SmartSound Software
2008-03-14 19:24 . 2008-03-14 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-03-14 19:23 . 2008-03-14 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-14 19:21 . 2007-03-12 17:42 3,495,784 --------- C:\WINDOWS\system32\d3dx9_33.dll
2008-03-14 19:21 . 2007-03-12 17:42 1,123,696 --------- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-03-14 19:21 . 2007-03-15 17:57 443,752 --------- C:\WINDOWS\system32\d3dx10_33.dll
2008-03-14 16:43 . 2008-03-14 16:43 <REP> d-------- C:\Documents and Settings\internet\Application Data\DAEMON Tools
2008-03-14 15:50 . 2008-04-12 21:45 <REP> d-------- C:\VundoFix Backups
2008-03-13 20:09 . 2008-04-11 21:39 <REP> d-------- C:\Documents and Settings\internet\Application Data\Vso
2008-03-13 20:09 . 2008-03-18 15:50 81,920 --a------ C:\Documents and Settings\internet\Application Data\ezpinst.exe
2008-03-13 20:09 . 2008-03-19 17:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-13 20:09 . 2008-03-19 17:47 47,360 --a------ C:\Documents and Settings\internet\Application Data\pcouffin.sys
2008-03-13 19:41 . 2008-03-13 19:44 145 --------- C:\WINDOWS\system32\installerror.dat
2008-03-13 18:35 . 2008-03-14 17:40 1,314 --------- C:\WINDOWS\system32\hormmisu.ini
2008-03-13 11:43 . 2008-03-13 11:43 <REP> d-------- C:\Documents and Settings\internet\Application Data\Nero
2008-03-13 11:35 . 2008-03-18 10:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 21:26 49,760 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-12 20:42 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-12 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 13:29 --------- d-----w C:\Documents and Settings\internet\Application Data\uTorrent
2008-04-10 07:40 --------- d-----w C:\Program Files\Picasa2
2008-04-05 17:23 --------- d-----w C:\Documents and Settings\internet\Application Data\U3
2008-04-04 16:12 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-04 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-31 16:33 --------- d-----w C:\Documents and Settings\internet\Application Data\.BitTornado
2008-03-30 10:56 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-03-30 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 09:58 --------- d-----w C:\Program Files\JS Star
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-29 17:17 --------- d-----w C:\Program Files\Google
2008-03-29 09:16 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-03-29 09:16 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-03-29 09:16 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-03-24 15:30 --------- d-----w C:\Documents and Settings\internet\Application Data\CyberLink
2008-03-23 12:18 --------- d-----w C:\Program Files\CyberLink
2008-03-20 11:10 --------- d-----w C:\Documents and Settings\internet\Application Data\OpenOffice.org2
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\win32k.sys
2008-03-14 17:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-12 15:10 15,397 ----a-w C:\Program Files\settings.dat
2008-03-12 12:55 --------- d-----w C:\Documents and Settings\internet\Application Data\FinalBurner Video DVD
2008-03-10 13:49 --------- d-----w C:\Program Files\free-downloads.net
2008-03-10 13:49 --------- d-----w C:\Program Files\Conduit
2008-03-10 13:42 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-06 15:31 716,272 ------w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 14:51 --------- d-----w C:\Program Files\BoontyGames
2008-02-29 13:49 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-02-29 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-02-26 19:34 --------- d-----w C:\Documents and Settings\internet\Application Data\Azureus
2008-02-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-23 12:10 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-02-23 12:06 --------- d-----w C:\Program Files\Gamenext
2008-02-23 11:54 81,920 ------w C:\WINDOWS\system32\W32N50.dll
2008-02-23 11:54 17,134 ------w C:\WINDOWS\system32\PCANDIS5.sys
2008-02-23 11:43 --------- d-----w C:\Program Files\Securitoo
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 14:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-15 08:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-05-09 13:59 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1998-09-29 12:56 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\0 ----

C:\WINDOWS\0\


((((((((((((((((((((((((((((( snapshot@2008-04-12_23.21.06.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 08:51:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_654.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"PowerBar"="d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Copernic Desktop Search 2"="d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [ ]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"SpybotSD TeaTimer"="d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"2425e674"="C:\WINDOWS\system32\ijxytiks.dll" [ ]
"BM2716d5e8"="C:\WINDOWS\system32\weihpxdx.dll" [ ]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [ ]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 17:50 221184]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"LogitechVideoRepair"="d:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="d:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"RemoteControl"="d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [ ]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [ ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SpybotSnD"="D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 12:43 5146448]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 13:20 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^internet^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=C:\Documents and Settings\internet\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\Win32\\RpcDataSrv.exe"=
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\RpcSandraSrv.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sony\\Media Manager for PSP 2.5\\MediaManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6653:TCP"= 6653:TCP:*:Disabled:Port TCP emule
"47071:UDP"= 47071:UDP:*:Disabled:Port UDP d'emule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 10:56]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 10:56]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 14:00]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-02-29 15:49]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 12:53]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-23 00:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59b8104-1013-11dc-8b32-00112fda7a70}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59b8105-1013-11dc-8b32-00112fda7a70}]
\Shell\AutoRun\command - I:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-01 12:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 11:11:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-13 11:12:51
ComboFix-quarantined-files.txt 2008-04-13 09:12:43
ComboFix2.txt 2008-04-12 21:22:19
Pre-Run: 17,538,904,064 octets libres
Post-Run: 17,526,767,616 octets libres
.
2008-04-11 19:47:38 --- E O F ---


==========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:48, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\a-squared Free\a2service.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\internet\Bureau\VERIFICATION\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12222777-BD3B-4D34-BED7-37F79F2F0B19} - (no file)
O2 - BHO: (no name) - {1308A366-B5A7-4E04-AF70-C0CAB161CBAE} - (no file)
O2 - BHO: (no name) - {18931A5B-D1FC-436A-A93E-A3298C082C84} - (no file)
O2 - BHO: (no name) - {1A2DFDCD-4D2A-4C71-A787-B88FC18284A3} - (no file)
O2 - BHO: (no name) - {24c8e987-f6d1-45da-8ef8-c15989e7605f} - (no file)
O2 - BHO: (no name) - {49139752-B1DD-468B-862F-F92F31CBD5FA} - (no file)
O2 - BHO: (no name) - {4c5b44d9-aa3f-4287-b127-3e1579acfa6d} - (no file)
O2 - BHO: (no name) - {633DF5DD-610A-4A9C-936F-C4D6B22DE595} - (no file)
O2 - BHO: (no name) - {7523e0a7-a29b-44ca-8fe0-d3fdeea543ad} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {793fe1aa-3ef1-44f8-9caa-c2a828b094cc} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85A9C42E-29DB-438A-8D09-A056493B9471} - (no file)
O2 - BHO: (no name) - {930D9531-8829-4508-8015-10791031CB34} - (no file)
O2 - BHO: (no name) - {9D7140BF-46C7-4E9F-9CA7-037946D7FB87} - (no file)
O2 - BHO: (no name) - {A0341296-454F-4879-9A42-2B7C6CBCE10C} - (no file)
O2 - BHO: (no name) - {A8BC5D43-3D56-49C2-B1FA-ADE3822CB2DD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AC155E15-0D7B-4DD2-A003-B4D8DE853F44} - (no file)
O2 - BHO: (no name) - {AD236356-032D-44A3-B471-E7BDDC25CC19} - (no file)
O2 - BHO: (no name) - {AD463D78-62B1-4DE3-81D5-98358094B6FB} - (no file)
O2 - BHO: (no name) - {b259391c-3728-45b3-bb3a-9403011274cf} - (no file)
O2 - BHO: (no name) - {BEF5EDA7-C25D-45F5-B62F-30AB788053F0} - (no file)
O2 - BHO: (no name) - {CFC90FCC-B056-4469-9596-A0C9A3B4F1DB} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {E49FC034-9BE9-440F-830C-102FB31A07F7} - (no file)
O2 - BHO: (no name) - {E5EC2310-72B4-48B0-BFFA-568404C24DA8} - (no file)
O2 - BHO: (no name) - {E8E0D5A0-FCB1-45C3-A987-B6EF5CE941EC} - (no file)
O2 - BHO: (no name) - {F0C6DB6A-E85D-461C-9247-6C3B0AB75491} - (no file)
O2 - BHO: (no name) - {F2760264-23EE-4CAA-BEAA-E06FABF5287B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2425e674] ; rundll32.exe "C:\WINDOWS\system32\ijxytiks.dll",b
O4 - HKLM\..\Run: [BM2716d5e8] ; Rundll32.exe "C:\WINDOWS\system32\weihpxdx.dll",s
O4 - HKLM\..\Run: [DMXLauncher] ; "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] ; "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] ; d:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; d:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] ; C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] ; C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] ; "d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] ; "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] ; "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SoundMAX] ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SpybotSnD] ; "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] ; "d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] ; "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] ; d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22C103E-6534-4EBF-9C10-5FD44EECFCD0}: NameServer = 80.10.246.1,80.10.246.132
O20 - Winlogon Notify: gebxxuv - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
FillPCA (Security contributor, 2242 posts)
 
Re,

Did you select all of the bold text above? The files were deleted, but not the registry entries.

FillPCA
Ketmie (Member, 14 posts)
 
Re

I think I copied everything. I can no longer find the CFScript.txt that I dragged onto ComboFix.exe.

Spybot's TeaTimer was active and asked me to accept a series of registry changes. I accepted
them all. At that point the ComboFix report was already on screen.

Also, I rebooted my machine before posting the HijackThis report.


Ketmie
FillPCA (Security contributor, 2242 posts)
 
Re,

Can you redo the drag-and-drop with this CFScript.txt file?
https://spaces.hightail.com/resolve/ufid/A786B06B344BDDC5
Then post its report and a new HijackThis report.

FillPCA
Ketmie (Member, 14 posts)
 
Re

Done! Here are the reports.


Ketmie


ComboFix 08-04-12.1 - internet 2008-04-13 14:10:27.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.231 [GMT 2:00]
Endroit: C:\Documents and Settings\internet\Bureau\VERIFICATION\ComboFix.exe
Command switches used :: C:\Documents and Settings\internet\Bureau\VERIFICATION\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\system32\bkiqxgpf.ini
C:\WINDOWS\system32\bmvbppkp.ini
C:\WINDOWS\system32\clwmuijp.ini
C:\WINDOWS\system32\gdmyhpxt.ini
C:\WINDOWS\system32\ijxytiks.dll
C:\WINDOWS\system32\iwipvnug.ini
C:\WINDOWS\system32\mbrdpcks.ini
C:\WINDOWS\system32\nwvmqkyc.ini
C:\WINDOWS\system32\rpkencbp.ini
C:\WINDOWS\system32\skityxji.ini
C:\WINDOWS\system32\ttrindja.ini
C:\WINDOWS\system32\vhdqighx.ini
C:\WINDOWS\system32\weihpxdx.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\[u]0[/u]\

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 17:21 . 2008-04-12 17:21 10,106,251 --a------ C:\upload_moi_FAMILLE-DAUGAN.tar.gz
2008-04-12 14:18 . 2008-04-12 19:55 <REP> d-------- C:\Program Files\Navilog1
2008-04-10 09:33 . 2008-04-13 11:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 09:33 . 2008-04-10 09:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 09:47 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-05 09:47 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 16:29 . 2008-04-03 16:38 3,932,214 --a------ C:\WINDOWS\Papier-peint-PhotoFiltre.bmp
2008-04-02 10:05 . 2008-04-02 10:05 <REP> d-------- C:\Program Files\Futuroscope Experience ADF
2008-03-31 18:33 . 2008-03-31 18:33 <REP> d-------- C:\Documents and Settings\internet\Application Data\.BitTornado
2008-03-29 17:27 . 2008-03-29 17:30 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-03-27 16:05 . 2008-03-27 16:48 1,681 --a------ C:\WINDOWS\[u]0[/u]
2008-03-27 16:05 . 2008-03-27 16:48 220 --a------ C:\WINDOWS\Faux
2008-03-27 16:05 . 2008-03-27 16:48 102 --a------ C:\WINDOWS\Times New Roman
2008-03-25 14:16 . 2008-04-07 14:13 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-23 14:22 . 2008-03-23 14:22 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-03-23 14:22 . 2008-03-23 14:22 <REP> d-------- C:\Program Files\Ahead
2008-03-23 14:22 . 2001-07-06 15:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-03-23 14:22 . 2001-07-06 13:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-03-23 14:22 . 2001-07-06 19:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-03-23 14:22 . 2001-07-09 12:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-23 14:22 . 2000-06-26 12:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-23 14:22 . 2001-06-26 09:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-03-23 14:19 . 2002-12-11 21:11 37,916 --a------ C:\WINDOWS\WMPrfFRA.prx
2008-03-23 14:18 . 2008-03-23 14:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-22 20:06 . 2008-03-22 20:06 100 --a------ C:\index.ini
2008-03-21 19:12 . 2008-03-21 19:41 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-19 17:47 . 2008-03-19 17:47 <REP> d-------- C:\Program Files\VSO
2008-03-19 17:47 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-19 17:47 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-03-19 17:47 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-03-19 17:47 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-03-19 17:47 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-19 13:10 . 2008-03-19 22:06 2,754 ---hs---- C:\WINDOWS\system32\bctahkus.ini
2008-03-19 13:02 . 2008-03-19 13:02 <REP> d-------- C:\Documents and Settings\internet\Application Data\InterVideo
2008-03-19 13:01 . 2008-03-19 13:01 <REP> d-------- C:\Program Files\Fichiers communs\InterVideo
2008-03-19 12:57 . 2008-03-19 12:57 <REP> d-------- C:\Program Files\InterVideo
2008-03-19 12:57 . 2008-03-19 12:57 <REP> d-------- C:\Program Files\Creative
2008-03-19 12:57 . 2003-01-27 17:32 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2008-03-19 12:57 . 2003-09-11 11:52 315,376 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-03-19 12:57 . 2003-07-14 17:49 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2008-03-19 12:57 . 2003-09-11 11:52 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2008-03-19 12:21 . 2008-03-19 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-18 15:49 . 2004-05-26 07:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-03-18 15:49 . 2006-09-16 05:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-03-18 15:36 . 2008-03-18 15:42 <REP> d-------- C:\Documents and Settings\internet\Application Data\Pegasys Inc
2008-03-18 15:34 . 2008-03-18 15:33 122,512 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2008-03-18 15:34 . 2008-03-18 15:33 56,976 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2008-03-18 15:34 . 2008-03-18 15:33 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-03-18 13:07 . 2008-03-18 18:48 <REP> d-------- C:\Program Files\DivX
2008-03-16 23:23 . 2006-03-04 14:00 241,664 --a------ C:\WINDOWS\system32\drivers\c2scsi.sys
2008-03-16 22:11 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\internet\Application Data\DeepBurner
2008-03-14 23:22 . 2008-03-17 00:18 <REP> d-------- C:\Program Files\InterActual
2008-03-14 23:15 . 2008-03-14 23:15 <REP> d-------- C:\Program Files\Fichiers communs\SureThing Shared
2008-03-14 20:04 . 2008-03-14 22:34 1,049,096 --a------ C:\WINDOWS\pfirewall.log.old
2008-03-14 19:53 . 2008-03-14 23:25 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-14 19:53 . 2008-03-18 19:18 <REP> d-------- C:\Documents and Settings\internet\Application Data\Roxio
2008-03-14 19:42 . 2008-03-14 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-14 19:32 . 2008-03-18 19:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-14 19:24 . 2008-03-14 19:24 <REP> d-------- C:\Program Files\SmartSound Software
2008-03-14 19:24 . 2008-03-14 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-03-14 19:23 . 2008-03-14 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-14 19:21 . 2007-03-12 17:42 3,495,784 --------- C:\WINDOWS\system32\d3dx9_33.dll
2008-03-14 19:21 . 2007-03-12 17:42 1,123,696 --------- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-03-14 19:21 . 2007-03-15 17:57 443,752 --------- C:\WINDOWS\system32\d3dx10_33.dll
2008-03-14 16:43 . 2008-03-14 16:43 <REP> d-------- C:\Documents and Settings\internet\Application Data\DAEMON Tools
2008-03-14 15:50 . 2008-04-12 21:45 <REP> d-------- C:\VundoFix Backups
2008-03-13 20:09 . 2008-04-11 21:39 <REP> d-------- C:\Documents and Settings\internet\Application Data\Vso
2008-03-13 20:09 . 2008-03-18 15:50 81,920 --a------ C:\Documents and Settings\internet\Application Data\ezpinst.exe
2008-03-13 20:09 . 2008-03-19 17:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-13 20:09 . 2008-03-19 17:47 47,360 --a------ C:\Documents and Settings\internet\Application Data\pcouffin.sys
2008-03-13 19:41 . 2008-03-13 19:44 145 --------- C:\WINDOWS\system32\installerror.dat
2008-03-13 18:35 . 2008-03-14 17:40 1,314 --------- C:\WINDOWS\system32\hormmisu.ini
2008-03-13 11:43 . 2008-03-13 11:43 <REP> d-------- C:\Documents and Settings\internet\Application Data\Nero
2008-03-13 11:35 . 2008-03-18 10:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 11:27 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-12 21:26 49,760 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-12 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 13:29 --------- d-----w C:\Documents and Settings\internet\Application Data\uTorrent
2008-04-10 07:40 --------- d-----w C:\Program Files\Picasa2
2008-04-05 17:23 --------- d-----w C:\Documents and Settings\internet\Application Data\U3
2008-04-04 16:12 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-04 13:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-31 16:33 --------- d-----w C:\Documents and Settings\internet\Application Data\.BitTornado
2008-03-30 10:56 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-03-30 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 09:58 --------- d-----w C:\Program Files\JS Star
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-29 17:17 --------- d-----w C:\Program Files\Google
2008-03-29 09:16 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-03-29 09:16 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-03-29 09:16 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-03-24 15:30 --------- d-----w C:\Documents and Settings\internet\Application Data\CyberLink
2008-03-23 12:18 --------- d-----w C:\Program Files\CyberLink
2008-03-20 11:10 --------- d-----w C:\Documents and Settings\internet\Application Data\OpenOffice.org2
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\win32k.sys
2008-03-14 17:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-12 15:10 15,397 ----a-w C:\Program Files\settings.dat
2008-03-12 12:55 --------- d-----w C:\Documents and Settings\internet\Application Data\FinalBurner Video DVD
2008-03-10 13:49 --------- d-----w C:\Program Files\free-downloads.net
2008-03-10 13:49 --------- d-----w C:\Program Files\Conduit
2008-03-10 13:42 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-06 15:31 716,272 ------w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 14:51 --------- d-----w C:\Program Files\BoontyGames
2008-02-29 13:49 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-02-29 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-02-26 19:34 --------- d-----w C:\Documents and Settings\internet\Application Data\Azureus
2008-02-26 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-02-23 12:10 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Search Settings
2008-02-23 12:06 --------- d-----w C:\Program Files\Gamenext
2008-02-23 11:54 81,920 ------w C:\WINDOWS\system32\W32N50.dll
2008-02-23 11:54 17,134 ------w C:\WINDOWS\system32\PCANDIS5.sys
2008-02-23 11:43 --------- d-----w C:\Program Files\Securitoo
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-17 14:45 --------- d-----w C:\Program Files\MSN Messenger
2008-02-15 08:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-05-09 13:59 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1998-09-29 12:56 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_23.21.06.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-13 08:53:31 3,192 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{89214260-09F2-41EA-8D20-E9D9AC9623E6}.bin
+ 2008-04-13 12:15:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_678.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12222777-BD3B-4D34-BED7-37F79F2F0B19}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1308A366-B5A7-4E04-AF70-C0CAB161CBAE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18931A5B-D1FC-436A-A93E-A3298C082C84}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A2DFDCD-4D2A-4C71-A787-B88FC18284A3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24c8e987-f6d1-45da-8ef8-c15989e7605f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49139752-B1DD-468B-862F-F92F31CBD5FA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4c5b44d9-aa3f-4287-b127-3e1579acfa6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{633DF5DD-610A-4A9C-936F-C4D6B22DE595}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7523e0a7-a29b-44ca-8fe0-d3fdeea543ad}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{793fe1aa-3ef1-44f8-9caa-c2a828b094cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930D9531-8829-4508-8015-10791031CB34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D7140BF-46C7-4E9F-9CA7-037946D7FB87}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0341296-454F-4879-9A42-2B7C6CBCE10C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8BC5D43-3D56-49C2-B1FA-ADE3822CB2DD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC155E15-0D7B-4DD2-A003-B4D8DE853F44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD236356-032D-44A3-B471-E7BDDC25CC19}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD463D78-62B1-4DE3-81D5-98358094B6FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b259391c-3728-45b3-bb3a-9403011274cf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF5EDA7-C25D-45F5-B62F-30AB788053F0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC90FCC-B056-4469-9596-A0C9A3B4F1DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E49FC034-9BE9-440F-830C-102FB31A07F7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5EC2310-72B4-48B0-BFFA-568404C24DA8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8E0D5A0-FCB1-45C3-A987-B6EF5CE941EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0C6DB6A-E85D-461C-9247-6C3B0AB75491}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2760264-23EE-4CAA-BEAA-E06FABF5287B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"PowerBar"="d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Copernic Desktop Search 2"="d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [ ]
"DAEMON Tools Lite"="D:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"2425e674"="C:\WINDOWS\system32\ijxytiks.dll" [ ]
"BM2716d5e8"="C:\WINDOWS\system32\weihpxdx.dll" [ ]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [ ]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 17:50 221184]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"LogitechVideoRepair"="d:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="d:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"RemoteControl"="d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [ ]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [ ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-06 13:20 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^internet^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=C:\Documents and Settings\internet\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-01-28 12:43 5146448 D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\Win32\\RpcDataSrv.exe"=
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII\\RpcSandraSrv.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sony\\Media Manager for PSP 2.5\\MediaManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6653:TCP"= 6653:TCP:*:Disabled:Port TCP emule
"47071:UDP"= 47071:UDP:*:Disabled:Port UDP d'emule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 10:56]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 10:56]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-23 00:32]
S1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 14:00]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-02-29 15:49]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 12:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Setup.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59b8104-1013-11dc-8b32-00112fda7a70}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b59b8105-1013-11dc-8b32-00112fda7a70}]
\Shell\AutoRun\command - I:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-01 12:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 14:19:55
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

C:\WINDOWS\system32\verclsid.exe [2404] 0x814CF020

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\a-squared Free\a2service.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-13 14:22:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 12:22:22
ComboFix2.txt 2008-04-13 09:12:53
ComboFix3.txt 2008-04-12 21:22:19
Pre-Run: 17,642,733,568 octets libres
Post-Run: 17,638,424,576 octets libres
.
2008-04-11 19:47:38 --- E O F ---


======================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:24, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\a-squared Free\a2service.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\internet\Bureau\VERIFICATION\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12222777-BD3B-4D34-BED7-37F79F2F0B19} - (no file)
O2 - BHO: (no name) - {1308A366-B5A7-4E04-AF70-C0CAB161CBAE} - (no file)
O2 - BHO: (no name) - {18931A5B-D1FC-436A-A93E-A3298C082C84} - (no file)
O2 - BHO: (no name) - {1A2DFDCD-4D2A-4C71-A787-B88FC18284A3} - (no file)
O2 - BHO: (no name) - {24c8e987-f6d1-45da-8ef8-c15989e7605f} - (no file)
O2 - BHO: (no name) - {49139752-B1DD-468B-862F-F92F31CBD5FA} - (no file)
O2 - BHO: (no name) - {4c5b44d9-aa3f-4287-b127-3e1579acfa6d} - (no file)
O2 - BHO: (no name) - {633DF5DD-610A-4A9C-936F-C4D6B22DE595} - (no file)
O2 - BHO: (no name) - {7523e0a7-a29b-44ca-8fe0-d3fdeea543ad} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {793fe1aa-3ef1-44f8-9caa-c2a828b094cc} - (no file)
O2 - BHO: (no name) - {930D9531-8829-4508-8015-10791031CB34} - (no file)
O2 - BHO: (no name) - {9D7140BF-46C7-4E9F-9CA7-037946D7FB87} - (no file)
O2 - BHO: (no name) - {A0341296-454F-4879-9A42-2B7C6CBCE10C} - (no file)
O2 - BHO: (no name) - {A8BC5D43-3D56-49C2-B1FA-ADE3822CB2DD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AC155E15-0D7B-4DD2-A003-B4D8DE853F44} - (no file)
O2 - BHO: (no name) - {AD236356-032D-44A3-B471-E7BDDC25CC19} - (no file)
O2 - BHO: (no name) - {AD463D78-62B1-4DE3-81D5-98358094B6FB} - (no file)
O2 - BHO: (no name) - {b259391c-3728-45b3-bb3a-9403011274cf} - (no file)
O2 - BHO: (no name) - {BEF5EDA7-C25D-45F5-B62F-30AB788053F0} - (no file)
O2 - BHO: (no name) - {CFC90FCC-B056-4469-9596-A0C9A3B4F1DB} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {E49FC034-9BE9-440F-830C-102FB31A07F7} - (no file)
O2 - BHO: (no name) - {E5EC2310-72B4-48B0-BFFA-568404C24DA8} - (no file)
O2 - BHO: (no name) - {E8E0D5A0-FCB1-45C3-A987-B6EF5CE941EC} - (no file)
O2 - BHO: (no name) - {F0C6DB6A-E85D-461C-9247-6C3B0AB75491} - (no file)
O2 - BHO: (no name) - {F2760264-23EE-4CAA-BEAA-E06FABF5287B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2425e674] ; rundll32.exe "C:\WINDOWS\system32\ijxytiks.dll",b
O4 - HKLM\..\Run: [BM2716d5e8] ; Rundll32.exe "C:\WINDOWS\system32\weihpxdx.dll",s
O4 - HKLM\..\Run: [DMXLauncher] ; "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] ; "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] ; d:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; d:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] ; C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] ; C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] ; "d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] ; "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] ; "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SoundMAX] ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] ; "d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] ; "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22C103E-6534-4EBF-9C10-5FD44EECFCD0}: NameServer = 80.10.246.1,80.10.246.132
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
FillPCA (2242 posts, security contributor)
Re,

I don't understand why CFscript didn't remove the keys. Did you permanently allow the changes with Spybot?

1/ Open HijackThis > "Do a scan only" and tick these:
O2 - BHO: (no name) - {12222777-BD3B-4D34-BED7-37F79F2F0B19} - (no file)
O2 - BHO: (no name) - {1308A366-B5A7-4E04-AF70-C0CAB161CBAE} - (no file)
O2 - BHO: (no name) - {18931A5B-D1FC-436A-A93E-A3298C082C84} - (no file)
O2 - BHO: (no name) - {1A2DFDCD-4D2A-4C71-A787-B88FC18284A3} - (no file)
O2 - BHO: (no name) - {24c8e987-f6d1-45da-8ef8-c15989e7605f} - (no file)
O2 - BHO: (no name) - {49139752-B1DD-468B-862F-F92F31CBD5FA} - (no file)
O2 - BHO: (no name) - {4c5b44d9-aa3f-4287-b127-3e1579acfa6d} - (no file)
O2 - BHO: (no name) - {633DF5DD-610A-4A9C-936F-C4D6B22DE595} - (no file)
O2 - BHO: (no name) - {7523e0a7-a29b-44ca-8fe0-d3fdeea543ad} - (no file)
O2 - BHO: (no name) - {793fe1aa-3ef1-44f8-9caa-c2a828b094cc} - (no file)
O2 - BHO: (no name) - {930D9531-8829-4508-8015-10791031CB34} - (no file)
O2 - BHO: (no name) - {9D7140BF-46C7-4E9F-9CA7-037946D7FB87} - (no file)
O2 - BHO: (no name) - {A0341296-454F-4879-9A42-2B7C6CBCE10C} - (no file)
O2 - BHO: (no name) - {A8BC5D43-3D56-49C2-B1FA-ADE3822CB2DD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AC155E15-0D7B-4DD2-A003-B4D8DE853F44} - (no file)
O2 - BHO: (no name) - {AD236356-032D-44A3-B471-E7BDDC25CC19} - (no file)
O2 - BHO: (no name) - {AD463D78-62B1-4DE3-81D5-98358094B6FB} - (no file)
O2 - BHO: (no name) - {b259391c-3728-45b3-bb3a-9403011274cf} - (no file)
O2 - BHO: (no name) - {BEF5EDA7-C25D-45F5-B62F-30AB788053F0} - (no file)
O2 - BHO: (no name) - {CFC90FCC-B056-4469-9596-A0C9A3B4F1DB} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {E49FC034-9BE9-440F-830C-102FB31A07F7} - (no file)
O2 - BHO: (no name) - {E5EC2310-72B4-48B0-BFFA-568404C24DA8} - (no file)
O2 - BHO: (no name) - {E8E0D5A0-FCB1-45C3-A987-B6EF5CE941EC} - (no file)
O2 - BHO: (no name) - {F0C6DB6A-E85D-461C-9247-6C3B0AB75491} - (no file)
O2 - BHO: (no name) - {F2760264-23EE-4CAA-BEAA-E06FABF5287B} - (no file)
O4 - HKLM\..\Run: [2425e674] ; rundll32.exe "C:\WINDOWS\system32\ijxytiks.dll",b
O4 - HKLM\..\Run: [BM2716d5e8] ; Rundll32.exe "C:\WINDOWS\system32\weihpxdx.dll",s


Click on fix/repair.

2/ Click Start > Run > cmd and type this:
sc stop SessionLauncher
sc delete SessionLauncher

3/ Restart the PC.

4/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the proposed ActiveX control. The antivirus update then starts.
* Run a full system scan.
* Save the report as text at the end of the scan.

5/ Post the Kaspersky report and a HijackThis report.

FillPCA
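The entries FillPCA ticks above share three patterns that can be picked out of a HijackThis log mechanically: BHO CLSIDs still registered although their DLL is gone, Run values with random-looking names that load a DLL through rundll32 with a one-letter export, and services whose binary is missing or lives under a Temp directory. The script below is an added example, not FillPCA's procedure or a Trend Micro tool; the sample lines are copied from the HijackThis log quoted earlier in this thread, and the regexes and the random-name heuristic are assumptions of this example.

```python
"""Triage helper for HijackThis-style log lines (added example, not FillPCA's
or Trend Micro's code). It flags the three patterns the reply above selects
for fixing: BHO entries whose DLL is gone, Run entries with random-looking
names that load a DLL through rundll32 with a one-letter export, and services
whose binary is missing or lives under a Temp directory."""
import re
from dataclasses import dataclass

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*;?\s*(?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Value names that are a bare hex blob, optionally behind a two-letter prefix
# (e.g. "2425e674", "BM2716d5e8"): a heuristic assumed here, not a signature.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8,}$")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def triage(lines):
    """Return one Finding per suspicious line; clean lines produce nothing."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            # A CLSID that is still registered with no DLL behind it is an orphan.
            if m.group("file") == "(no file)":
                findings.append(Finding(
                    line, f"orphaned BHO {m.group('clsid')}: CLSID registered but DLL gone"))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = []
            if RANDOM_NAME_RE.match(m.group("name")):
                reasons.append("random-looking value name")
            d = RUNDLL_RE.search(m.group("cmd"))
            if d and len(d.group("export")) == 1:
                reasons.append(
                    f"rundll32 loads {d.group('dll')} via single-letter export '{d.group('export')}'")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons)))
            continue
        m = SVC_RE.match(line)
        if m:
            reasons = []
            if m.group("path").endswith("(file missing)"):
                reasons.append("service binary missing")
            if TEMP_DIR_RE.search(m.group("path")):
                reasons.append("service runs from a Temp directory")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons)))
    return findings


# Constructed excerpt: lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12222777-BD3B-4D34-BED7-37F79F2F0B19} - (no file)
O2 - BHO: (no name) - {F2760264-23EE-4CAA-BEAA-E06FABF5287B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2425e674] ; rundll32.exe "C:\WINDOWS\system32\ijxytiks.dll",b
O4 - HKLM\..\Run: [BM2716d5e8] ; Rundll32.exe "C:\WINDOWS\system32\weihpxdx.dll",s
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\internet\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the excerpt it reports six lines: the two orphaned BHOs, both rundll32 Run entries (each with two reasons), the RoxLiveShare10 service with its missing binary, and SessionLauncher, which is flagged both for the missing binary and for living under Temp. The legitimate NVIDIA, QuickTime, Adobe and avast! lines produce nothing. Treat the output as a triage aid rather than a verdict: a leftover "(no file)" BHO or "(file missing)" service can also be the residue of a normal uninstall, which is why the reply above still pairs the HijackThis fix with a full online scan.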
Ketmie (14 posts, member)
Re

I allowed all the changes without asking it to remember them.
Here are the 2 new reports

Ketmie

======================================================================
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 9:20:39 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 702086
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 92814
Number of viruses found 4
Number of infected objects 12
Number of suspicious objects 0
Duration of the scan process 01:52:22

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\internet\Bureau\VERIFICATION\Navilog1.exe/file10 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\internet\Bureau\VERIFICATION\Navilog1.exe Inno: infected - 1 skipped
C:\Documents and Settings\internet\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\internet\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\internet\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\internet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\internet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\internet\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\internet\Local Settings\Historique\History.IE5\MSHist012008041320080414\index.dat Object is locked skipped
C:\Documents and Settings\internet\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\internet\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\internet\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\internet\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP312\A0069629.exe Infected: not-virus:Hoax.Win32.Renos.bep skipped
C:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP363\A0079937.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP366\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{89214260-09F2-41EA-8D20-E9D9AC9623E6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_658.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
D:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
D:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP301\A0066980.exe/data0000.cab/LUXECA~1.EXE Infected: Packed.Win32.Monder.gen skipped
D:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP301\A0066980.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
D:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP301\A0066980.exe Rsrc-Package: infected - 2 skipped
D:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP363\A0079956.exe/file10 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP363\A0079956.exe Inno: infected - 1 skipped
D:\System Volume Information\_restore{5B2EB962-4140-4C7C-A688-64E776A06545}\RP366\change.log Object is locked skipped
D:\téléchargement\daemon4121-lite.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
D:\téléchargement\daemon4121-lite.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
D:\téléchargement\daemon4121-lite.exe NSIS: infected - 2 skipped
Scan process completed.

========================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:00, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\a-squared Free\a2service.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\internet\Bureau\VERIFICATION\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] ; "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] ; "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] ; d:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] ; d:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] ; C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] ; C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RemoteControl] ; "d:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] ; "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] ; "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SoundMAX] ; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] ; "d:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "d:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] ; "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B22C103E-6534-4EBF-9C10-5FD44EECFCD0}: NameServer = 80.10.246.1,80.10.246.132
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
FillPCA (Security contributor, 2242 posts)

Re,

Delete these:

C:\Documents and Settings\internet\Bureau\VERIFICATION\Navilog1.exe
D:\téléchargement\daemon4121-lite.exe


* Download ToolsCleaner by A.Rothstein to your Desktop: http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
* Double-click ToolsCleaner2.exe > Search, then Removal.
* Your Desktop may disappear. This is normal.
* If it does not come back, do this: press CTRL+ALT+DEL to open the Task Manager.
Go to the Processes tab, click "File" at the top left and choose "Run". Type "explorer" and confirm. That will bring your Desktop back.

Do you still have problems? If not, I will give you the final advice.

FillPCA
Ketmie (Member, 14 posts)

Re,

My machine has become faster, but when I run AVG Anti-Rootkit Free it finds another
hidden driver file: abt9uxtm.sys

Ketmie
FillPCA (Security contributor, 2242 posts)

Hello,

* Download gmer to the desktop and unzip it (right-click and extract here): http://www2.gmer.net/gmer.zip
* Double-click gmer.exe on the desktop. If your antivirus reacts, don't worry and ignore the alert.
* Click the "rootkit" tab, then click scan.
* When the scan is finished, click the copy button.
* In Start > Programs > Accessories, open Notepad and press CTRL+V to paste the report into it.
* Post this report in your next reply.

FillPCA
Ketmie (Member, 14 posts)

Hello,

Here is the Gmer report

Ketmie

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-14 10:28:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF60D1D98]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF62A4552]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF60D1CB8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF62A3A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF62A3910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF62A3F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF62A5034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF62A0D54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF60D212A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF60D18AA]
SSDT spkc.sys ZwEnumerateKey [0xF8436CA2]
SSDT spkc.sys ZwEnumerateValueKey [0xF8437030]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF60E2F4C]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF60E3232]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF62A4906]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF60D1D2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF60D17C8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF60D183C]
SSDT spkc.sys ZwQueryKey [0xF8437108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF60D1E42]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF60D1E02]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF62A40DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF62A4CE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF60D1F84]
SSDT \??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF8C61812]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF62A4BB2]

---- Kernel code sections - GMER 1.0.14 ----

? spkc.sys Le fichier spécifié est introuvable. !
PAGENDSM NDIS.sys!NdisMIndicateStatus F8277A5F 6 Bytes JMP F6298C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
.text USBPORT.SYS!DllUnload F769162C 5 Bytes JMP 821D14E0

---- User code sections - GMER 1.0.14 ----

.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00030F54
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00030FE0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00030D24
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00030DB0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00030E3C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00030EC8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[344] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[344] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[756] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[756] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[780] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[780] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[824] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[824] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[836] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[836] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[1320] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[1320] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1328] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1328] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] USER3
FillPCA Posts 2242 Registration date   Status Security contributor Last activity   123
 
Re,

The report is incomplete because it is too long. Can you split it up and post it in several parts?

FillPCA
Ketmie Posts 14 Registration date   Status Member Last activity
 
Re,

Here it is, this one should be complete.

Ketmie

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-14 10:28:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF60D1D98]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF62A4552]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF60D1CB8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF62A3A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF62A3910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF62A3F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF62A5034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF62A0D54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF60D212A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF60D18AA]
SSDT spkc.sys ZwEnumerateKey [0xF8436CA2]
SSDT spkc.sys ZwEnumerateValueKey [0xF8437030]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF60E2F4C]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF60E3232]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF62A4906]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF60D1D2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF60D17C8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF60D183C]
SSDT spkc.sys ZwQueryKey [0xF8437108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF60D1E42]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF60D1E02]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF62A40DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF62A4CE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF60D1F84]
SSDT \??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF8C61812]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF62A4BB2]

---- Kernel code sections - GMER 1.0.14 ----

? spkc.sys Le fichier spécifié est introuvable. !
PAGENDSM NDIS.sys!NdisMIndicateStatus F8277A5F 6 Bytes JMP F6298C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
.text USBPORT.SYS!DllUnload F769162C 5 Bytes JMP 821D14E0

---- User code sections - GMER 1.0.14 ----

.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00030F54
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00030FE0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00030D24
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00030DB0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00030E3C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00030EC8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[344] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[344] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[756] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[756] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[780] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[780] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[824] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[824] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[836] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[836] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[1320] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[1320] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1328] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1328] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] USER
Ketmie Posts 14 Registration date   Status Member Last activity
 
Re,

Starting over!
Here is the beginning:

Ketmie

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-14 10:28:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF60D1D98]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF62A4552]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF60D1CB8]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF62A3A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF62A3910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF62A3F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF62A5034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF62A0D54]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF60D212A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF60D18AA]
SSDT spkc.sys ZwEnumerateKey [0xF8436CA2]
SSDT spkc.sys ZwEnumerateValueKey [0xF8437030]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xF60E2F4C]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xF60E3232]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF62A4906]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF60D1D2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF60D17C8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF60D183C]
SSDT spkc.sys ZwQueryKey [0xF8437108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF60D1E42]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF60D1E02]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF62A40DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF62A4CE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF60D1F84]
SSDT \??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xF8C61812]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF62A4BB2]

---- Kernel code sections - GMER 1.0.14 ----

? spkc.sys Le fichier spécifié est introuvable. !
PAGENDSM NDIS.sys!NdisMIndicateStatus F8277A5F 6 Bytes JMP F6298C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
.text USBPORT.SYS!DllUnload F769162C 5 Bytes JMP 821D14E0

---- User code sections - GMER 1.0.14 ----

.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\ashWebSv.exe[164] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00030F54
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00030FE0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00030D24
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00030DB0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00030E3C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[208] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00030EC8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[248] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[344] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[344] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[344] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[344] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[500] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[524] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[756] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[756] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[756] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[780] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[780] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[780] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[780] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[824] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[824] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[824] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[836] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[836] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1200] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[1320] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[1320] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[1320] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[1320] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[1328] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[1328] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[1328] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[1328] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[1328] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1424] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetConnectA 4409498A 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetConnectW 44095B78 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenA 4409C851 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenW 4409CE81 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenUrlA 440A0BAA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1424] WININET.dll!InternetOpenUrlW 440EAE09 5 Bytes JMP 00080EC8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1564] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
FillPCA Posts: 2242 Registration date   Status: Security contributor Last intervention   123
Re,

It isn't complete, because the forum only accepts messages below a certain length.
Start again, splitting the message into pieces.

Can you tell me the exact path of the file found by AVGantirootkit?

FillPCA
Ketmie Posts: 14 Registration date   Status: Member Last intervention
And ... here is the rest

Ketmie


.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Alwil Software\Avast4\ashServ.exe[1632] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1816] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[1884] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[1884] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[1884] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[1884] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[1884] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\a-squared Free\a2service.exe[2008] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\a-squared Free\a2service.exe[2008] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\a-squared Free\a2service.exe[2008] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[2032] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2444] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\LVComsX.exe[2768] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\LVComsX.exe[2768] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\LVComsX.exe[2768] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] USER32.DLL!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Documents and Settings\internet\Bureau\gmer.exe[2908] USER32.DLL!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text D:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3000] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3072] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3088] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3088] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3088] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 823442D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F844993C] spkc.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8449990] spkc.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F841A040] spkc.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F841A13C] spkc.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F841A0BE] spkc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F841A7FC] spkc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F841A6D2] spkc.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 821D15E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8429D92] spkc.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F6298B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6298B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F6298B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F6298B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F6298B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F6298B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F6298B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F6298B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F6298B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F6298B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6298B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[824] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[824] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 823411F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 821D0500
Device \Driver\usbuhci \Device\USBPDO-1 821D0500
Device \Driver\usbuhci \Device\USBPDO-2 821D0500
Device \Driver\usbuhci \Device\USBPDO-3 821D0500
Device \Driver\usbehci \Device\USBPDO-4 821D3500

AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 823C91F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823C91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 823421F8
Device \Driver\atapi \Device\Ide\IdePort0 823421F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 823421F8
Device \Driver\atapi \Device\Ide\IdePort1 823421F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 823421F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81FFF500
Device \Driver\NetBT \Device\NetbiosSmb 81FFF500

AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 821D0500
Device \Driver\usbuhci \Device\USBFDO-1 821D0500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B22C103E-6534-4EBF-9C10-5FD44EECFCD0} 81FFF500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81FDC500
Device \Driver\usbuhci \Device\USBFDO-2 821D0500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81FDC500
Device \Driver\usbuhci \Device\USBFDO-3 821D0500
Device \Driver\usbehci \Device\USBFDO-4 821D3500
Device \Driver\Ftdisk \Device\FtControl 823C91F8
Device \FileSystem\Cdfs \Cdfs 81EEF500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBA 0xCB 0x6D 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0x5F 0xED 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x97 0x66 0x57 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0x85 0x29 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBA 0xCB 0x6D 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0x5F 0xED 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 d:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x97 0x66 0x57 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0x85 0x29 0x78 ...

---- EOF - GMER 1.0.14 ----
FillPCA (Security contributor, 2242 posts)
 
Re,

The report shows nothing. Can you tell me the exact location of the file found by AVG Anti-Rootkit?

FillPCA
Ketmie (Member, 14 posts)
 
Re

AVG Anti-Rootkit Free no longer finds anything.

This may be explained by the following:
- I downloaded and ran AVG Anti-Spyware
- it found Loger.Banker, which I asked it to delete
- I also deleted everything related to the folder that contained Loger.Banker (Alcohol 120%)
- I then ran CCleaner (Cleaner and Registry)

I had not run Anti-Rootkit Free again since then.

Ketmie
FillPCA (Security contributor, 2242 posts)
 
Re,

1/ * Download ToolsCleaner by A.Rothstein to your Desktop: http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
* Double-click ToolsCleaner2.exe > Search, then Removal,
* Your Desktop may disappear. This is normal.
* If it does not reappear, do this: press CTRL+ALT+DEL to bring up the Task Manager.
Go to the Processes tab, click "File" at the top left and choose "Run". Type "explorer" and confirm. That will bring your Desktop back.

2/ How is the PC doing? Is it working normally?

FillPCA
Ketmie (Member, 14 posts)
 
Re

The PC is doing fine; it is working normally.

Thanks for everything.

I would like to receive the final advice.

Ketmie