vieuxrusé

Everything posted by vieuxrusé

  1. In Normandy?
  2. Oops! Hi Thanos, there was a bit of a slip-up. Here is the report you asked for; I'm continuing with the next step using the installation CD and will keep you posted, but in any case it's starting to look good. Have a good day, you and the whole team.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-18 09:10:49
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwClose [0xEE7991A5]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwCreateFile [0xEE7989CC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwCreateKey [0xEE7950B0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwCreateProcess [0xEE798013]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwCreateProcessEx [0xEE797E90]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwCreateThread [0xEE79854A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwDeleteFile [0xEE799225]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwDeleteKey [0xEE7954E1]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwDeleteValueKey [0xEE795574]
SSDT spho.sys ZwEnumerateKey [0xF772CCA2]
SSDT spho.sys ZwEnumerateValueKey [0xF772D030]
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver [0xEE6118B0]
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection [0xEE611A20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwOpenFile [0xEE798C97]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwOpenKey [0xEE795307]
SSDT spho.sys ZwQueryKey [0xF772D108]
SSDT spho.sys ZwQueryValueKey [0xF772CF88]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwResumeThread [0xEE7985D6]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwSetInformationFile [0xEE798F99]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwSetValueKey [0xEE79567D]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software) ZwWriteFile [0xEE798EF6]

INT 0x62 ? 86759BF8
INT 0x63 ? 86505F00
INT 0x82 ? 86759BF8
INT 0x83 ? 867C8BF8
INT 0x94 ? 86505F00
INT 0xA4 ? 86505F00
INT 0xB4 ? 86505F00

---- Kernel code sections - GMER 1.0.14 ----

? spho.sys Le fichier spécifié est introuvable. !
PAGENDSM NDIS.sys!NdisMIndicateStatus F7558A5F 6 Bytes JMP EE78D35C \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Software)
.text USBPORT.SYS!DllUnload F6A937AE 5 Bytes JMP 865054E0
.text a3k9jsji.SYS F10BB384 1 Byte [ 20 ]
.text a3k9jsji.SYS F10BB386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text a3k9jsji.SYS F10BB3AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text a3k9jsji.SYS F10BB3C4 3 Bytes [ 00, 00, 00 ]
.text a3k9jsji.SYS F10BB3C9 1 Byte [ 00 ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00130DB0
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00130F54
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00130D24
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00130E3C
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00130FE0
.text E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[228] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00130EC8
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC
.text E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe[240] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[256] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC
.text C:\Program Files\TomTom HOME 2\HOMERunner.exe[308] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00130DB0
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00130F54
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00130D24
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00130E3C
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00130FE0
.text C:\Program Files\Siber Systems\RoboTaskBarIcon.exe[412] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00130EC8
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text E:\WINDOWS\system32\nvsvc32.exe[532] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text E:\WINDOWS\system32\nvsvc32.exe[532] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC
.text E:\WINDOWS\system32\nvsvc32.exe[532] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720
.text E:\WINDOWS\system32\nvsvc32.exe[532] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text E:\WINDOWS\system32\nvsvc32.exe[532] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text E:\WINDOWS\system32\nvsvc32.exe[532] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text E:\WINDOWS\system32\oodag.exe[580] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text E:\WINDOWS\system32\oodag.exe[580] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text E:\WINDOWS\system32\oodag.exe[580] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text E:\WINDOWS\system32\oodag.exe[580] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text E:\WINDOWS\system32\oodag.exe[580] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC
.text E:\WINDOWS\system32\oodag.exe[580] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00160004
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0016011C
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001604F0
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 0016057C
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001603D8
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0016034C
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 00160464
.text E:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 00160608
.text E:\WINDOWS\system32\csrss.exe[716] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001607AC
.text E:\WINDOWS\system32\csrss.exe[716] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00160720
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text E:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text E:\WINDOWS\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000707AC
.text E:\WINDOWS\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00070720
.text E:\WINDOWS\system32\winlogon.exe[740] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text E:\WINDOWS\system32\winlogon.exe[740] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text E:\WINDOWS\system32\winlogon.exe[740] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text E:\WINDOWS\system32\services.exe[784] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text E:\WINDOWS\system32\services.exe[784] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC
.text E:\WINDOWS\system32\services.exe[784] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720
.text E:\WINDOWS\system32\services.exe[784] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text E:\WINDOWS\system32\services.exe[784] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text E:\WINDOWS\system32\services.exe[784] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text E:\WINDOWS\system32\lsass.exe[796] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text E:\WINDOWS\system32\lsass.exe[796] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC
.text E:\WINDOWS\system32\lsass.exe[796] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720
.text E:\WINDOWS\system32\lsass.exe[796] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text E:\WINDOWS\system32\lsass.exe[796] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text E:\WINDOWS\system32\lsass.exe[796] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text E:\WINDOWS\system32\svchost.exe[952] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text E:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC
.text E:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720
.text E:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text E:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text E:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text E:\WINDOWS\system32\svchost.exe[996] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text E:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC
.text E:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720
.text E:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text E:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text E:\WINDOWS\system32\svchost.exe[996] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe[1064] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text E:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text E:\WINDOWS\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC
.text E:\WINDOWS\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720
.text E:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text E:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text E:\WINDOWS\System32\svchost.exe[1088] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00080DB0
.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00080F54
.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00080D24
.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00080E3C
.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00080FE0
.text E:\WINDOWS\System32\svchost.exe[1088] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00080EC8
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text E:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text E:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC
.text E:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720
.text E:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text E:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text E:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00070004
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0007011C
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000704F0
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0007057C
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000703D8
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0007034C
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070464
.text E:\WINDOWS\system32\wdfmgr.exe[1184] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00070608
.text E:\WINDOWS\system32\wdfmgr.exe[1184]
USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000707AC .text E:\WINDOWS\system32\wdfmgr.exe[1184] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00070720 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464 .text E:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608 .text E:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC .text E:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720 .text E:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text E:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text E:\WINDOWS\system32\svchost.exe[1216] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text 
E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00080DB0 .text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00080F54 .text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00080D24 .text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00080E3C .text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00080FE0 .text E:\WINDOWS\system32\svchost.exe[1216] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00080EC8 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes 
JMP 001303D8 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe[1348] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateThread 
7C81082F 5 Bytes JMP 0008057C .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464 .text E:\WINDOWS\system32\spoolsv.exe[1488] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608 .text E:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC .text E:\WINDOWS\system32\spoolsv.exe[1488] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720 .text E:\WINDOWS\system32\spoolsv.exe[1488] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text E:\WINDOWS\system32\spoolsv.exe[1488] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text E:\WINDOWS\system32\spoolsv.exe[1488] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C .text 
E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464 .text E:\WINDOWS\Explorer.EXE[1680] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608 .text E:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC .text E:\WINDOWS\Explorer.EXE[1680] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720 .text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00080DB0 .text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00080F54 .text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00080D24 .text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00080E3C .text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00080FE0 .text E:\WINDOWS\Explorer.EXE[1680] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00080EC8 .text E:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text E:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text E:\WINDOWS\Explorer.EXE[1680] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C 
.text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464 .text c:\Program Files\a-squared Free\a2service.exe[1776] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608 .text c:\Program Files\a-squared Free\a2service.exe[1776] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC .text c:\Program Files\a-squared Free\a2service.exe[1776] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8 .text 
E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464 .text E:\WINDOWS\system32\svchost.exe[1820] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608 .text E:\WINDOWS\system32\svchost.exe[1820] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC .text E:\WINDOWS\system32\svchost.exe[1820] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C .text E:\Program Files\AntiVir PersonalEdition 
Classic\sched.exe[1852] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text E:\Program Files\AntiVir PersonalEdition Classic\sched.exe[1852] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 
0013057C .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC .text E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe[1884] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C .text c:\Program 
Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608 .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC .text c:\Program Files\CDBurnerXP\NMSAccessU.exe[1920] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00030004 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0003011C .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000304F0 .text 
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0003057C .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0003034C .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00030464 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00030608 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000307AC .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00030720 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetOpenW 77AAAF69 5 Bytes JMP 00030DB0 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetConnectA 77AB34A9 5 Bytes JMP 00030F54 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetOpenA 77AB592A 5 Bytes JMP 00030D24 .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetOpenUrlA 77AB5BF6 5 Bytes JMP 00030E3C .text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetConnectW 77ABEE70 5 Bytes JMP 00030FE0 
.text C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe[1968] WININET.dll!InternetOpenUrlW 77AC5BC2 5 Bytes JMP 00030EC8 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608 .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 000807AC .text E:\WINDOWS\system32\RUNDLL32.EXE[2028] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00080720 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text 
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00130004 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0013011C .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001304F0 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0013057C .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001303D8 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0013034C .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00130464 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00130608 .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] USER32.dll!SetWindowsHookExW 77D23DEA 5 Bytes JMP 001307AC .text E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe[2036] USER32.dll!SetWindowsHookExA 77D311F1 5 Bytes JMP 00130720 .text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Spamihilator\spamihilator.exe[2044] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 
  3. :P I tried the update several times as you indicated, but nothing works, grrrrrrrrr.... here is the message that appears: No connection to the Internet could be produced. More information in the report file + still those Windows messages, as previously reported. Thanks
  4. 1) The PC has been restarted; the Antivir update is still impossible. Kerio (trial version) tells me there is a new version, do you want to update, and just like Antivir, nothing. 2) On restart, 2 windows appear: [Windows File Protection.] Files necessary for Windows to run have been replaced by files of an unrecognized version... etc. The second = [Windows File Protection.] Please wait while Windows verifies that all protected Windows files are intact and in their original versions. [Cancel]
  5. The steps are done; I'm restarting the PC and retrying the Antivir update.
  6. Good morning to you 1) ComboFix 08-10-15.01 - DEMARAIS 2008-10-17 9:02:22.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.614 [GMT 2:00] Lancé depuis: C:\telecharfirefox\ComboFix.exe Commutateurs utilisés :: C:\telecharfirefox\CFScript.txt * Un nouveau point de restauration a été créé AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\telecharfirefox\fp2006-final-3.00-setup.zip C:\WINDOWS\system32\YUR4.exe C:\WINDOWS\system32\YUR5.exe C:\x E:\WINDOWS\system32\Process.exe E:\WINDOWS\system32\SrchSTS.exe E:\WINDOWS\system32\VCCLSID.exe E:\WINDOWS\system32\WS2Fix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\telecharfirefox\fp2006-final-3.00-setup.zip C:\WINDOWS\system32\YUR4.exe C:\WINDOWS\system32\YUR5.exe C:\x E:\Documents and Settings\All Users\Application Data\jwbwtsfi E:\Documents and Settings\All Users\Application Data\jwbwtsfi\tgpgjqrm.exe E:\WINDOWS\system32\Process.exe E:\WINDOWS\system32\SrchSTS.exe E:\WINDOWS\system32\VCCLSID.exe E:\WINDOWS\system32\WS2Fix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-17 au 2008-10-17 )))))))))))))))))))))))))))))))))))) . 2008-10-17 08:27 . 2008-10-17 09:30 <REP> d-------- E:\WINDOWS\system32\AVGUARD_48fbff97 2008-10-16 22:31 . 2008-10-17 08:35 <REP> d-------- E:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2008-10-16 09:40 . 2008-10-16 09:40 <REP> d-------- E:\WINDOWS\system32\Kaspersky Lab 2008-10-14 21:55 . 2008-10-14 21:55 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\0000005738 2008-10-14 09:43 . 2008-10-14 09:43 <REP> d-------- E:\rsit 2008-10-14 09:08 . 2008-10-14 09:08 <REP> d-------- E:\Program Files\Malwarebytes' Anti-Malware 2008-10-14 09:08 . 2008-09-10 00:04 38,528 --a------ E:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-14 09:08 . 
2008-09-10 00:03 17,200 --a------ E:\WINDOWS\system32\drivers\mbam.sys 2008-10-13 21:57 . 2008-10-15 08:40 3,304 --a------ E:\WINDOWS\system32\tmp.reg 2008-10-13 21:54 . 2008-05-18 21:40 82,944 --a------ E:\WINDOWS\system32\IEDFix.exe 2008-10-13 21:54 . 2004-07-31 18:50 51,200 --a------ E:\WINDOWS\system32\dumphive.exe 2008-10-13 20:58 . 2008-10-13 20:58 <REP> d-------- E:\Program Files\Panda Security 2008-10-13 19:52 . 2008-10-14 09:26 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\sp2 2008-10-13 18:48 . 2008-10-13 18:52 <REP> d-------- E:\WINDOWS\system32\AVGUARD_48fa09da 2008-10-13 17:57 . 2008-05-14 23:20 <REP> d--h----- E:\Documents and Settings\Administrateur\Voisinage réseau 2008-10-13 17:57 . 2008-05-14 23:20 <REP> d--h----- E:\Documents and Settings\Administrateur\Voisinage d'impression 2008-10-13 17:57 . 2008-05-15 02:12 <REP> d--h----- E:\Documents and Settings\Administrateur\Modèles 2008-10-13 17:57 . 2008-10-14 08:27 <REP> d-------- E:\Documents and Settings\Administrateur\Mes documents 2008-10-13 17:57 . 2008-05-14 23:20 <REP> dr------- E:\Documents and Settings\Administrateur\Menu Démarrer 2008-10-13 17:57 . 2008-05-14 23:20 <REP> d-------- E:\Documents and Settings\Administrateur\Favoris 2008-10-13 17:57 . 2008-10-14 08:39 <REP> d-------- E:\Documents and Settings\Administrateur\Bureau 2008-10-13 17:57 . 2008-10-13 17:57 <REP> d-------- E:\Documents and Settings\Administrateur 2008-10-13 17:56 . 2008-10-15 08:37 334 --a------ E:\WINDOWS\system32\drivers\fwdrv.err 2008-10-13 17:33 . 2008-10-13 17:33 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Malwarebytes 2008-10-13 17:33 . 2008-10-13 17:33 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-09 17:59 . 2008-10-10 18:14 <REP> d-------- E:\Program Files\Intuisphere 2008-10-09 17:09 . 2008-10-12 17:13 54,156 --ah----- E:\WINDOWS\QTFont.qfn 2008-10-09 17:09 . 
2008-10-09 17:09 1,409 --a------ E:\WINDOWS\QTFont.for 2008-10-09 16:12 . 2008-10-09 16:13 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\DeepBurner 2008-10-08 18:55 . 2008-10-08 18:55 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Acoustica 2008-10-08 14:10 . 2008-10-08 14:10 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Canneverbe_Limited 2008-10-06 18:19 . 2008-10-06 19:18 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Nero 2008-10-04 13:15 . 2008-10-04 13:15 4,767 --a------ E:\WINDOWS\Irremote.ini 2008-10-04 12:36 . 2008-10-04 13:43 <REP> d-------- E:\Program Files\Fichiers communs\Nero 2008-10-04 12:36 . 2008-10-04 13:02 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Nero . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-15 05:51 --------- d-----w E:\Documents and Settings\DEMARAIS\Application Data\Spamihilator 2008-10-13 14:09 --------- d-----w E:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-10-13 13:12 --------- d---a-w E:\Documents and Settings\All Users\Application Data\TEMP 2008-10-07 15:13 --------- d-----w E:\Documents and Settings\DEMARAIS\Application Data\gtk-2.0 2008-10-06 15:43 --------- d-----w E:\Documents and Settings\DEMARAIS\Application Data\dvdcss 2008-10-04 11:12 --------- d-----w E:\Program Files\Nero 2008-10-03 12:33 --------- d-----w E:\Program Files\Fichiers communs\Ahead 2008-10-03 12:30 --------- d--h--w E:\Program Files\InstallShield Installation Information 2008-10-03 12:30 --------- d-----w E:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-09-13 18:28 --------- d-----w E:\Program Files\Fichiers communs\Adobe 2008-09-13 11:42 --------- d-----w E:\Program Files\Fichiers communs\Macrovision Shared 2008-08-18 16:45 --------- d-----w E:\Program Files\Microsoft Silverlight 2008-07-18 20:10 94,920 ----a-w 
E:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w E:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w E:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w E:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w E:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w E:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w E:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w E:\WINDOWS\system32\wuaueng.dll 2008-06-21 07:23 47,360 ----a-w E:\Documents and Settings\DEMARAIS\Application Data\pcouffin.sys . ------- Sigcheck ------- 2006-06-21 00:05 578048 c34920eb988ce98910bd6b0417f334eb E:\WINDOWS\system32\user32.dll 2006-06-21 00:22 2059008 5311776074b6c13f983dc75baeac9c0c E:\WINDOWS\system32\ntkrnlpa.exe 2006-06-21 00:05 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a E:\WINDOWS\system32\ntoskrnl.exe 2006-05-17 00:39 1036288 76b3d5a12e1008fd656921d3035783f1 E:\WINDOWS\explorer.exe 2006-06-21 00:11 57856 ad3d9d191aea7b5445fe1d82ffbb4788 E:\WINDOWS\system32\spoolsv.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "RoboForm"="C:\Program Files\Siber Systems\RoboTaskBarIcon.exe" [2008-09-11 160592] "TomTomHOME.exe"="c:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2005-06-15 6803456] "NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 86016] "HPDJ Taskbar Utility"="E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416] "Spamihilator"="c:\Program Files\Spamihilator\spamihilator.exe" [2008-04-05 1060864] "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "avgnt"="E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-01-18 266280] "nwiz"="nwiz.exe" [2005-06-15 E:\WINDOWS\system32\nwiz.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMFUprogramsList"= 0 (0x0) "NoUserNameInStartMenu"= 0 (0x0) "MaxRecentDocs"= 15 (0xf) "NoInstrumentation"= 0 (0x0) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= vdrcodec.dll "vidc.dvsd"= pdvcodec.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R0 avgntmgr;avgntmgr;E:\WINDOWS\system32\drivers\avgntmgr.sys [2005-07-06 14848] R1 avgntdd;avgntdd;E:\WINDOWS\system32\DRIVERS\avgntdd.sys [2005-08-23 31744] R1 fwdrv;Firewall Driver;E:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432] R1 khips;Kerio HIPS Driver;E:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] R2 NMSAccessU;NMSAccessU;c:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096] R3 fbxusb;FreeBox USB Network Adapter;E:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848] R3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 USBSTOR;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac439b7a-2384-11dd-9cc8-0007cb0000ff}] \Shell\AutoRun\command - G:\InstallTomTomHOME.exe . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Player - E:\Documents and Settings\DEMARAIS\Application Data\Adobe\Player.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-17 09:29:51 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-10-17 9:35:28 ComboFix-quarantined-files.txt 2008-10-17 07:35:01 ComboFix2.txt 2008-10-16 06:34:41 Avant-CF: 9 630 568 448 octets libres Après-CF: 9,626,533,888 octets libres 179 2°) Logfile of random's system information tool 1.04 (written by random/random) Run by DEMARAIS at 2008-10-17 09:38:46 Microsoft Windows XP Professionnel Service Pack 2 System drive E: has 9 GB (47%) free of 19 GB Total RAM: 1023 MB (62% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:38:57, on 17/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe c:\Program Files\a-squared Free\a2service.exe E:\Program Files\AntiVir PersonalEdition Classic\sched.exe E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe c:\Program Files\CDBurnerXP\NMSAccessU.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\oodag.exe E:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Spamihilator\spamihilator.exe E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Siber Systems\RoboTaskBarIcon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe E:\WINDOWS\system32\wuauclt.exe E:\WINDOWS\explorer.exe E:\Program Files\Mozilla 
Firefox\firefox.exe C:\telecharfirefox\RSIT.exe C:\logiciels\DEMARAIS.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\roboform.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [spamihilator] "c:\Program Files\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "c:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Srchasst" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\msagent" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md 
"%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU') O4 - Startup: Rapid Antivirus.lnk = E:\Program Files\Rapid Antivirus\Rapid Antivirus.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html O9 - Extra 
button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboFormComShowToolbar.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @E:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @E:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\Program Files\a-squared Free\a2service.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - E:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - E:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPH11 - HP - E:\WINDOWS\system32\HPHipm11.exe -- End of file - 7899 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\roboform.dll [2008-06-20 2296832] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2005-06-15 6803456] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2005-06-15 86016] "HPDJ Taskbar Utility"=E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416] "Spamihilator"=c:\Program Files\Spamihilator\spamihilator.exe [2008-04-05 1060864] "SunJavaUpdateSched"=E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784] "avgnt"=E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2006-01-18 266280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools 
Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856] "RoboForm"=C:\Program Files\Siber Systems\RoboTaskBarIcon.exe [2008-09-11 160592] "TomTomHOME.exe"=c:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184] E:\Documents and Settings\DEMARAIS\Menu Démarrer\Programmes\Démarrage Rapid Antivirus.lnk - E:\Program Files\Rapid Antivirus\Rapid Antivirus.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] E:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=1 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "SynchronousMachineGroupPolicy"=0 "SynchronousUserGroupPolicy"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoStrCmpLogical"=1 "NoResolveTrack"=0 "NoResolveSearch"=0 "NoSMMyPictures"=0 "NoStartMenuMFUprogramsList"=0 "NoUserNameInStartMenu"=0 "MaxRecentDocs"=15 "NoInstrumentation"=0 "MemCheckBoxInRunDlg"=1 "NoSMBalloonTip"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "ForceClassicControlPanel"= "NoSimpleStartMenu"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac439b7a-2384-11dd-9cc8-0007cb0000ff}] shell\AutoRun\command - G:\InstallTomTomHOME.exe ======File associations====== .js - edit - "C:\Program Files\Macromedia\Dreamweaver 
8\dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2008-10-17 09:35:40 ----D---- E:\WINDOWS\temp 2008-10-17 09:35:35 ----A---- E:\ComboFix.txt 2008-10-17 08:59:16 ----AD---- E:\Qoobox 2008-10-17 08:27:52 ----D---- E:\WINDOWS\system32\AVGUARD_48fbff97 2008-10-16 22:31:54 ----A---- E:\WINDOWS\system32\avsda.dll 2008-10-16 22:31:46 ----D---- E:\Program Files\AntiVir PersonalEdition Classic 2008-10-16 22:31:46 ----D---- E:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2008-10-16 09:40:51 ----D---- E:\WINDOWS\system32\Kaspersky Lab 2008-10-14 21:55:38 ----A---- E:\WINDOWS\zip.exe 2008-10-14 21:55:38 ----A---- E:\WINDOWS\VFIND.exe 2008-10-14 21:55:38 ----A---- E:\WINDOWS\SWXCACLS.exe 2008-10-14 21:55:38 ----A---- E:\WINDOWS\SWSC.exe 2008-10-14 21:55:38 ----A---- E:\WINDOWS\SWREG.exe 2008-10-14 21:55:38 ----A---- E:\WINDOWS\sed.exe 2008-10-14 21:55:38 ----A---- E:\WINDOWS\NIRCMD.exe 2008-10-14 21:55:38 ----A---- E:\WINDOWS\grep.exe 2008-10-14 21:55:38 ----A---- E:\WINDOWS\fdsv.exe 2008-10-14 21:55:18 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\0000005738 2008-10-14 21:52:29 ----D---- E:\WINDOWS\ERDNT 2008-10-14 09:43:33 ----D---- E:\rsit 2008-10-14 09:08:15 ----D---- E:\Program Files\Malwarebytes' Anti-Malware 2008-10-14 08:18:21 ----D---- E:\WINDOWS\Minidump 2008-10-13 21:57:09 ----A---- E:\WINDOWS\system32\tmp.txt 2008-10-13 21:55:36 ----A---- E:\rapport.txt 2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\IEDFix.exe 2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\dumphive.exe 2008-10-13 20:58:28 ----D---- E:\Program Files\Panda Security 2008-10-13 20:53:29 ----A---- E:\WINDOWS\system32\4b7d216b-.txt 2008-10-13 19:52:55 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\sp2 2008-10-13 18:48:29 ----D---- E:\WINDOWS\system32\AVGUARD_48fa09da 2008-10-13 17:33:29 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Malwarebytes 2008-10-13 17:33:12 ----D---- 
E:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-10 18:07:39 ----A---- E:\WINDOWS\system32\BASSMOD.dll 2008-10-09 17:59:26 ----D---- E:\Program Files\Intuisphere 2008-10-09 16:12:12 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\DeepBurner 2008-10-08 18:55:07 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Acoustica 2008-10-08 14:10:24 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Canneverbe_Limited 2008-10-06 18:19:34 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Nero 2008-10-04 13:15:58 ----A---- E:\WINDOWS\Irremote.ini 2008-10-04 12:36:26 ----D---- E:\Documents and Settings\All Users\Application Data\Nero 2008-10-04 12:36:22 ----D---- E:\Program Files\Fichiers communs\Nero ======List of files/folders modified in the last 1 months====== 2008-10-17 09:38:53 ----D---- E:\WINDOWS\Prefetch 2008-10-17 09:36:21 ----D---- E:\Program Files\Mozilla Firefox 2008-10-17 09:35:47 ----D---- E:\WINDOWS\system32 2008-10-17 09:35:40 ----D---- E:\WINDOWS 2008-10-17 09:29:45 ----A---- E:\WINDOWS\system.ini 2008-10-17 09:26:53 ----D---- E:\WINDOWS\system32\drivers 2008-10-17 09:26:52 ----D---- E:\WINDOWS\AppPatch 2008-10-17 09:26:52 ----D---- E:\Program Files\Fichiers communs 2008-10-17 09:00:31 ----A---- E:\WINDOWS\SchedLgU.Txt 2008-10-17 08:28:17 ----D---- E:\WINDOWS\system32\CatRoot2 2008-10-16 22:40:02 ----D---- E:\WINDOWS\system32\oodag 2008-10-16 22:31:46 ----RD---- E:\Program Files 2008-10-16 22:30:05 ----RSHDC---- E:\WINDOWS\system32\dllcache 2008-10-16 09:40:53 ----SD---- E:\WINDOWS\Downloaded Program Files 2008-10-16 09:40:51 ----HD---- E:\WINDOWS\inf 2008-10-15 09:07:02 ----A---- E:\WINDOWS\ntbtlog.txt 2008-10-15 07:51:41 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Spamihilator 2008-10-14 22:12:07 ----D---- E:\WINDOWS\system32\config 2008-10-14 22:05:08 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Adobe 2008-10-14 10:18:27 ----SHD---- E:\System Volume 
Information 2008-10-14 08:13:13 ----D---- E:\WINDOWS\system32\Restore 2008-10-13 20:26:46 ----D---- E:\TEMP 2008-10-13 17:57:48 ----D---- E:\Documents and Settings 2008-10-13 16:09:26 ----D---- E:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-10-13 15:43:13 ----SHD---- E:\WINDOWS\Installer 2008-10-13 15:12:32 ----AD---- E:\Documents and Settings\All Users\Application Data\TEMP 2008-10-07 17:13:41 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\gtk-2.0 2008-10-06 17:43:18 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\dvdcss 2008-10-04 13:12:32 ----D---- E:\Program Files\Nero 2008-10-04 12:36:11 ----D---- E:\WINDOWS\WinSxS 2008-10-04 12:35:36 ----D---- E:\Program Files\Fichiers communs\Microsoft Shared 2008-10-03 14:33:07 ----D---- E:\Program Files\Fichiers communs\Ahead 2008-10-03 14:30:32 ----HD---- E:\Program Files\InstallShield Installation Information 2008-10-03 14:30:32 ----D---- E:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-09-30 17:01:10 ----A---- E:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgArCln;Avg Anti-Rootkit Clean Driver; E:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968] R1 avgntdd;avgntdd; E:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2005-08-23 31744] R1 fwdrv;Firewall Driver; E:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432] R1 khips;Kerio HIPS Driver; E:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920] R1 PCLEPCI;PCLEPCI; \??\E:\WINDOWS\system32\drivers\pclepci.sys [] R2 Aspi32;Aspi32; E:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244] R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); E:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] R3 ASAPIW2K;ASAPIW2K; \??\E:\WINDOWS\system32\Drivers\asapiW2k.sys [] R3 Dot4 HPH11;Dot4 HPH11; E:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896] R3 Dot4Print HPH11;Print Class Driver for 
IEEE-1284.4 HPH11; E:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112] R3 Dot4Usb HPH11;Dot4Usb HPH11; E:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928] R3 fbxusb;FreeBox USB Network Adapter; E:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848] R3 hidusb;Pilote de classe HID Microsoft; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-28 9600] R3 MarvinBus;Pinnacle Marvin Bus; E:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; E:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944] R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-06-15 3200256] R3 usbhub;Concentrateur USB2; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbscan;Pilote de scanneur USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 USBSTOR;Pilote de stockage de masse USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-06-21 20608] S3 ae54auhn;ae54auhn; E:\WINDOWS\system32\drivers\ae54auhn.sys [] S3 catchme;catchme; \??\E:\ComboFix\catchme.sys [] S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; E:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 pcouffin;VSO Software pcouffin; E:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-20 47360] S3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-06-21 30080] S3 usbprint;Classe d'imprimantes USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 vncdrv;vncdrv; E:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736] S3 WpdUsb;WpdUsb; E:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; c:\Program Files\a-squared Free\a2service.exe [2008-10-12 418936] R2 
AntiVirScheduler;AntiVir Scheduler; E:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2006-01-18 31784] R2 AntiVirService;AntiVir PersonalEdition Classic Service; E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2006-01-20 353832] R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe [2005-12-19 1368064] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] R2 NMSAccessU;NMSAccessU; c:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096] R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2005-06-15 127043] R2 O&O Defrag;O&O Defrag; E:\WINDOWS\system32\oodag.exe [2006-08-31 340992] R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:\Program Files\Bonjour\mDNSResponder.exe [] S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-13 654848] S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 ose;Office Source Engine; E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPH11;Pml Driver HPH11; E:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824] S3 WMConnectCDS;Service Windows Media Connect; E:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064] -----------------EOF-----------------
  7. I uninstalled AntiVir, restarted the PC, then reinstalled AntiVir. The umbrella opened fine, but updating is impossible: I get the following message: invalid user agent. I tried disabling Kerio and still nothing. It's getting late; I will most likely continue tomorrow morning.
  8. Here I am back from work and there... surprise, the report. However, I cannot connect via Mozilla Firefox.
  9. I haven't touched the registry. I'm leaving for work; in the meantime Kaspersky is doing its job.
  10. Hello Thanos, I did not modify the registry; I only ran SmitfraudFix.exe again with option 2, because I was sure I had messed up the first time, when I had done it in safe mode with networking. So that's the reason for the changes. Here is the report for the first point; I'm continuing.
  11. Here I am again; here is the report. Take your time again with the analysis, it's getting late. Since this morning I've seen a clear improvement.
  12. OK, it works. I'm working again this afternoon, so I'll see when I get back. By the way, I ran ComboFix again and let it restart in normal mode after it finished. The virus alert messages no longer appear, and the wallpaper with an antispyware has also disappeared. Do you want me to post the latest report? Antivir is installed, but I can't get it to run or to update. One thing at a time, you'll tell me, so see you later.
  13. Hello everyone. I've started the PC up again and I'm waiting for the next instructions.
  14. I'm shutting down again for tonight; see you tomorrow for the next steps. Thanks.
  15. Here I am again; it's still the same old s.... Attached is the requested ComboFix report. I don't know if I did it right, but the PC rebooted, and since Kerio was raising alerts I switched to safe mode for this report. Another thing: an antivirus (Rapid Antivirus 2.7) appeared as if by magic and is running. A shortcut on the desktop (BEST BDSM PORN) also appeared; I think there's work to do. Happy reading, I'm crossing my fingers.

ComboFix 08-10-14.03 - DEMARAIS 2008-10-14 22:00:16.1 - NTFSx86 Lancé depuis: C:\telecharfirefox\ComboFix.exe * Un nouveau point de restauration a été créé AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat E:\Documents and Settings\DEMARAIS\Application Data\Adobe\Player.exe E:\Documents and Settings\DEMARAIS\Application Data\inst.exe E:\Program Files\PCHealthCenter E:\Program Files\PCHealthCenter\0.exe E:\Program Files\PCHealthCenter\0.gif E:\Program Files\PCHealthCenter\1.exe E:\Program Files\PCHealthCenter\1.gif E:\Program Files\PCHealthCenter\1.ico E:\Program Files\PCHealthCenter\2.exe E:\Program Files\PCHealthCenter\2.gif E:\Program Files\PCHealthCenter\2.ico E:\Program Files\PCHealthCenter\3.exe E:\Program Files\PCHealthCenter\3.gif E:\Program Files\PCHealthCenter\4.exe E:\Program Files\PCHealthCenter\5.exe E:\Program Files\PCHealthCenter\7.exe E:\Program Files\PCHealthCenter\foo.txt E:\Program Files\PCHealthCenter\sc.html E:\WINDOWS\privacy_danger E:\WINDOWS\privacy_danger\images\body.gif E:\WINDOWS\privacy_danger\images\capt.gif E:\WINDOWS\privacy_danger\images\capt2.gif E:\WINDOWS\privacy_danger\images\red.gif E:\WINDOWS\privacy_danger\images\text.gif 
E:\WINDOWS\privacy_danger\index.htm E:\WINDOWS\system32\1.ico E:\WINDOWS\system32\2.ico E:\WINDOWS\system32\aptwah.dll E:\WINDOWS\system32\awtQIAtT.dll E:\WINDOWS\system32\ddcDwxuu.dll E:\WINDOWS\system32\efcAsqrQ.dll E:\WINDOWS\system32\efcBuvVl.dll E:\WINDOWS\system32\efcCvSIy.dll E:\WINDOWS\system32\fccaXQkK.dll E:\WINDOWS\system32\fykcybfg.dll E:\WINDOWS\system32\iiffETNE.dll E:\WINDOWS\system32\isabawbx.dll E:\WINDOWS\system32\KkQXaccf.ini E:\WINDOWS\system32\KkQXaccf.ini2 E:\WINDOWS\system32\kvmjgjjw.dll E:\WINDOWS\system32\lknpcp.dll E:\WINDOWS\system32\pftvusdu.dll E:\WINDOWS\system32\pmnMdEwT.dll E:\WINDOWS\system32\rjenon.dll E:\WINDOWS\system32\twuhwj.dll E:\WINDOWS\system32\udsuvtfp.ini E:\WINDOWS\system32\wefwrxan.dll E:\WINDOWS\system32\wvUmlmJD.dll ----- BITS: Il y a peut-être des sites infectés ----- hxxp://78.157.143.198 . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 )))))))))))))))))))))))))))))))))))) . 2008-10-14 21:55 . 2008-10-14 21:55 <REP> d-------- E:\Program Files\Rapid Antivirus 2008-10-14 21:55 . 2008-10-14 21:55 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Rapid Antivirus 2008-10-14 21:55 . 2008-10-14 21:55 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\0000005738 2008-10-14 10:22 . 2008-10-14 10:22 <REP> d-------- E:\Documents and Settings\All Users\Application Data\jwbwtsfi 2008-10-14 10:18 . 2008-10-14 07:31 225,280 --a------ E:\WINDOWS\ngwstxfd.dll 2008-10-14 10:18 . 2008-10-14 07:31 212,992 --a------ E:\WINDOWS\rosqxvmn.dll 2008-10-14 10:18 . 2008-10-14 07:31 86,016 --a------ E:\WINDOWS\lomxeqsn.exe 2008-10-14 09:43 . 2008-10-14 09:43 <REP> d-------- E:\rsit 2008-10-14 09:35 . 2008-10-14 09:35 <REP> d-------- E:\SDFix 2008-10-14 09:08 . 2008-10-14 09:08 <REP> d-------- E:\Program Files\Malwarebytes' Anti-Malware 2008-10-14 09:08 . 2008-09-10 00:04 38,528 --a------ E:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-14 09:08 . 
2008-09-10 00:03 17,200 --a------ E:\WINDOWS\system32\drivers\mbam.sys 2008-10-13 21:57 . 2008-10-14 08:52 3,392 --a------ E:\WINDOWS\system32\tmp.reg 2008-10-13 21:53 . 2008-10-13 22:05 <REP> d-------- E:\Documents and Settings\DEMARAIS\SmitfraudFix 2008-10-13 21:23 . 2008-10-13 21:24 <REP> d-------- E:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2008-10-13 20:58 . 2008-10-13 20:58 <REP> d-------- E:\Program Files\Panda Security 2008-10-13 19:52 . 2008-10-14 09:26 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\sp2 2008-10-13 18:48 . 2008-10-13 18:52 <REP> d-------- E:\WINDOWS\system32\AVGUARD_48fa09da 2008-10-13 17:57 . 2008-05-14 23:20 <REP> d--h----- E:\Documents and Settings\Administrateur\Voisinage réseau 2008-10-13 17:57 . 2008-05-14 23:20 <REP> d--h----- E:\Documents and Settings\Administrateur\Voisinage d'impression 2008-10-13 17:57 . 2008-05-15 02:12 <REP> d--h----- E:\Documents and Settings\Administrateur\Modèles 2008-10-13 17:57 . 2008-10-14 08:27 <REP> d-------- E:\Documents and Settings\Administrateur\Mes documents 2008-10-13 17:57 . 2008-05-14 23:20 <REP> dr------- E:\Documents and Settings\Administrateur\Menu Démarrer 2008-10-13 17:57 . 2008-05-14 23:20 <REP> d-------- E:\Documents and Settings\Administrateur\Favoris 2008-10-13 17:57 . 2008-10-14 08:39 <REP> d-------- E:\Documents and Settings\Administrateur\Bureau 2008-10-13 17:57 . 2008-10-13 17:57 <REP> d-------- E:\Documents and Settings\Administrateur 2008-10-13 17:56 . 2008-10-13 17:56 167 --a------ E:\WINDOWS\system32\drivers\fwdrv.err 2008-10-13 17:33 . 2008-10-13 17:33 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Malwarebytes 2008-10-13 17:33 . 2008-10-13 17:33 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-09 17:59 . 2008-10-10 18:14 <REP> d-------- E:\Program Files\Intuisphere 2008-10-09 17:09 . 
2008-10-12 17:13 54,156 --ah----- E:\WINDOWS\QTFont.qfn 2008-10-09 17:09 . 2008-10-09 17:09 1,409 --a------ E:\WINDOWS\QTFont.for 2008-10-09 16:12 . 2008-10-09 16:13 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\DeepBurner 2008-10-08 18:55 . 2008-10-08 18:55 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Acoustica 2008-10-08 14:10 . 2008-10-08 14:10 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Canneverbe_Limited 2008-10-06 18:19 . 2008-10-06 19:18 <REP> d-------- E:\Documents and Settings\DEMARAIS\Application Data\Nero 2008-10-04 13:15 . 2008-10-04 13:15 4,767 --a------ E:\WINDOWS\Irremote.ini 2008-10-04 12:36 . 2008-10-04 13:43 <REP> d-------- E:\Program Files\Fichiers communs\Nero 2008-10-04 12:36 . 2008-10-04 13:02 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Nero . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-14 19:48 --------- d-----w E:\Documents and Settings\DEMARAIS\Application Data\Spamihilator 2008-10-13 14:09 --------- d-----w E:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-10-13 13:12 --------- d---a-w E:\Documents and Settings\All Users\Application Data\TEMP 2008-10-07 15:13 --------- d-----w E:\Documents and Settings\DEMARAIS\Application Data\gtk-2.0 2008-10-06 15:43 --------- d-----w E:\Documents and Settings\DEMARAIS\Application Data\dvdcss 2008-10-04 11:12 --------- d-----w E:\Program Files\Nero 2008-10-03 12:33 --------- d-----w E:\Program Files\Fichiers communs\Ahead 2008-10-03 12:30 --------- d--h--w E:\Program Files\InstallShield Installation Information 2008-10-03 12:30 --------- d-----w E:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-09-13 18:28 --------- d-----w E:\Program Files\Fichiers communs\Adobe 2008-09-13 11:42 --------- d-----w E:\Program Files\Fichiers communs\Macrovision Shared 2008-08-18 16:45 --------- d-----w E:\Program 
Files\Microsoft Silverlight 2008-06-21 07:23 47,360 ----a-w E:\Documents and Settings\DEMARAIS\Application Data\pcouffin.sys . ------- Sigcheck ------- 2006-06-21 00:05 578048 c34920eb988ce98910bd6b0417f334eb E:\WINDOWS\system32\user32.dll 2006-06-21 00:22 2059008 5311776074b6c13f983dc75baeac9c0c E:\WINDOWS\system32\ntkrnlpa.exe 2006-06-21 00:05 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a E:\WINDOWS\system32\ntoskrnl.exe 2006-05-17 00:39 1036288 76b3d5a12e1008fd656921d3035783f1 E:\WINDOWS\explorer.exe 2006-06-21 00:11 57856 ad3d9d191aea7b5445fe1d82ffbb4788 E:\WINDOWS\system32\spoolsv.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5DEF05FD-97CC-4EAE-A4E9-000062CB0C25}"= "E:\WINDOWS\rosqxvmn.dll" [2008-10-14 212992] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "RoboForm"="C:\Program Files\Siber Systems\RoboTaskBarIcon.exe" [2008-09-11 160592] "TomTomHOME.exe"="c:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184] "\YUR8.exe"="C:\Windows\system32\YUR8.exe" [2008-10-10 25088] "\YUR9.exe"="C:\Windows\system32\YUR9.exe" [2008-10-10 25088] "\YURA.exe"="C:\Windows\system32\YURA.exe" [2008-10-10 24064] "\YURB.exe"="C:\Windows\system32\YURB.exe" [2008-10-10 24064] "\YURD.exe"="C:\Windows\system32\YURD.exe" [2008-10-10 74752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2005-06-15 6803456] "NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 86016] "HPDJ Taskbar Utility"="E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416] "Spamihilator"="c:\Program Files\Spamihilator\spamihilator.exe" [2008-04-05 1060864] 
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "\YUR8.exe"="C:\Windows\system32\YUR8.exe" [2008-10-10 25088] "\YUR9.exe"="C:\Windows\system32\YUR9.exe" [2008-10-10 25088] "\YURA.exe"="C:\Windows\system32\YURA.exe" [2008-10-10 24064] "\YURB.exe"="C:\Windows\system32\YURB.exe" [2008-10-10 24064] "\YURD.exe"="C:\Windows\system32\YURD.exe" [2008-10-10 74752] "nwiz"="nwiz.exe" [2005-06-15 E:\WINDOWS\system32\nwiz.exe] E:\Documents and Settings\DEMARAIS\Menu D‚marrer\Programmes\D‚marrage\ Rapid Antivirus.lnk - E:\Program Files\Rapid Antivirus\Rapid Antivirus.exe [2008-10-14 701952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 0 (0x0) "NoSMMyPictures"= 0 (0x0) "NoStartMenuMFUprogramsList"= 0 (0x0) "NoUserNameInStartMenu"= 0 (0x0) "MaxRecentDocs"= 15 (0xf) "NoInstrumentation"= 0 (0x0) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) "DisallowCpl"= 1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "ngwstxfd"= {7883E292-6B3E-43C2-82A7-9B6AFB2E710A} - E:\WINDOWS\ngwstxfd.dll [2008-10-14 225280] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= vdrcodec.dll "vidc.dvsd"= pdvcodec.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "AntiVirusOverride"=dword:00000001 "UpdatesDisableNotify"="0x00000000" 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R1 fwdrv;Firewall Driver;E:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432] R3 fbxusb;FreeBox USB Network Adapter;E:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848] S0 avgntmgr;avgntmgr;E:\WINDOWS\system32\drivers\avgntmgr.sys [ ] S1 avgntdd;avgntdd;E:\WINDOWS\system32\DRIVERS\avgntdd.sys [ ] S1 khips;Kerio HIPS Driver;E:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920] S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] S2 NMSAccessU;NMSAccessU;c:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096] S3 usbscan;Pilote de scanneur USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac439b7a-2384-11dd-9cc8-0007cb0000ff}] \Shell\AutoRun\command - G:\InstallTomTomHOME.exe . 
- - - - ORPHELINS SUPPRIMES - - - - BHO-{7ae89399-001c-4557-93e9-98b3277000e0} - E:\WINDOWS\system32\lknpcp.dll BHO-{93105498-AF47-40B8-A48C-441DFA6C4774} - E:\WINDOWS\system32\fccaXQkK.dll BHO-{B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - E:\WINDOWS\system32\wvUmlmJD.dll Toolbar-{6366459B-45A6-489C-9726-429617BB05C2} - (no file) HKCU-Run-Player - E:\Documents and Settings\DEMARAIS\Application Data\Adobe\Player.exe HKLM-Run-avgnt - E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe HKLM-Run-405ee515 - E:\WINDOWS\system32\pftvusdu.dll ShellExecuteHooks-{36DC214C-02C4-4341-8A84-997F4772E1E5} - (no file) ShellExecuteHooks-{B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - E:\WINDOWS\system32\wvUmlmJD.dll Notify-pMDUnLDw - pMDUnLDw.dll . ------- Examen supplémentaire ------- . FireFox -: Profile - E:\Documents and Settings\DEMARAIS\Application Data\Mozilla\Firefox\Profiles\idaufaqv.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.free.fr/ FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin.dll FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll FF -: plugin - E:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - E:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-14 22:21:22 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... ************************************************************************** . Heure de fin: 2008-10-14 22:31:46 - La machine a redémarré ComboFix-quarantined-files.txt 2008-10-14 20:30:41 Avant-CF: 7 666 700 288 octets libres Après-CF: 9,822,244,864 octets libres 246
  16. Attached is the missing report. Yes, I uninstalled Avast; on the other hand, it's impossible to install Antivir. For the next steps, take your time; I'll be back at my PC around 22:00, one still has to earn a living. Good day to all.

SmitFraudFix v2.359 Rapport fait à 8:51:12,34, 14/10/2008 Executé à partir de C:\telecharfirefox\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri E:\WINDOWS\vortsgbqtpr.dll deleted. E:\WINDOWS\olnmraew.dll deleted. E:\WINDOWS\qmafxprs.dll deleted. »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. 
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés E:\WINDOWS\lfstbwvd.dll supprimé Deleting [HKEY_CLASSES_ROOT\CLSID\{50A17A9B-237B-4364-8558-F13C778F8D49}] Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{50A17A9B-237B-4364-8558-F13C778F8D49}] E:\WINDOWS\privacy_danger\ supprimé E:\WINDOWS\qkeftmxn.exe supprimé »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: FreeBox USB Network Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 212.27.40.240 DNS Server Search Order: 212.27.40.241 HKLM\SYSTEM\CCS\Services\Tcpip\..\{E4ECDDCD-EDA3-4E17-A6B9-A45836173F17}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS1\Services\Tcpip\..\{E4ECDDCD-EDA3-4E17-A6B9-A45836173F17}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS2\Services\Tcpip\..\{E4ECDDCD-EDA3-4E17-A6B9-A45836173F17}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  17. Malwarebytes' Anti-Malware 1.28 Version de la base de données: 1267 Windows 5.1.2600 Service Pack 2 14/10/2008 09:26:12 mbam-log-2008-10-14 (09-26-12).txt Type de recherche: Examen rapide Eléments examinés: 47257 Temps écoulé: 14 minute(s), 48 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 17 Valeur(s) du Registre infectée(s): 9 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 21 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): E:\WINDOWS\system32\iifdebBU.dll (Trojan.Vundo.H) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d65bb153-79ec-45e5-b72f-e6be00a2f9ec} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{d65bb153-79ec-45e5-b72f-e6be00a2f9ec} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\qaccess.tchongabho (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a34fa88d-8437-4634-8a60-e913011ef2e5} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{36dc214c-02c4-4341-8a84-997f4772e1e5} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\olnmraew.baok (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f8de4182-0328-438e-b5ec-0a5f5e57fa2e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f8de4182-0328-438e-b5ec-0a5f5e57fa2e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhcjsjj0et61 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnsjj0et61 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qmafxprs (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\iifdebbu -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: e:\windows\system32\iifdebbu info.txt logfile of random's system information tool 1.04 2008-10-14 09:43:55 ======Uninstall list====== -->C:\Program Files\Acoustica CD Label Maker\uisurvey.exe -->E:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} 
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player Plugin-->E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS3-->E:\Program Files\Fichiers communs\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->E:\Program Files\Fichiers communs\Adobe\Installers\0812c1e9d47122aff0003d974b5b524\Setup.exe Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002} Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9} Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\rfwipeout.exe" AntiVir PersonalEdition Classic Windows-->E:\Program Files\AntiVir PersonalEdition Classic\setup.exe /REMOVE Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Archiveur WinRAR-->c:\Program Files\WinRAR\uninstall.exe Artweaver 0.5-->"c:\Program Files\Artweaver 0.5\unins000.exe" a-squared Free 3.1-->"c:\Program Files\a-squared Free\unins000.exe" Audacity 1.2.6-->"E:\Program Files\Audacity\unins000.exe" avast! 
Antivirus-->c:\Program Files\Alwil Software\Avast4\aswRunDll.exe "c:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Rootkit Free-->c:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AviSynth 2.5-->"c:\Program Files\AviSynth 2.5\Uninstall.exe"
Cariboost 2.0-->"E:\Program Files\Intuisphere\Cariboost 2.0\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"c:\Program Files\CDBurnerXP\unins000.exe"
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Compel Adaptec WinASPI-->"c:\Program Files\WinASPI\unins000.exe"
Correctif Windows XP - KB867282-->E:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Correctif Windows XP - KB885894-->E:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
FileZilla Client 3.0.9.3-->c:\Program Files\FileZilla FTP Client\uninstall.exe
GIMP 2.4.5-->"E:\Program Files\GIMP-2.0\setup\unins000.exe"
GrabIt 1.7.1 Beta (build 960)-->"c:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"C:\logiciels\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"E:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Inkscape 0.46-->c:\Program Files\Inkscape\Uninstall.exe
Jaquette Express 1.8.0.0-->"c:\Program Files\Jaquette Express\uninstall.exe"
Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
jetAudio Basic-->E:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe -runfromtemp -l0x0c0c -removeonly
Lecteur Windows Media 10-->"E:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash Player 8-->E:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Malwarebytes' Anti-Malware-->"E:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection E:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"E:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"E:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913433)-->E:\WINDOWS\system32\MacroMed\Flash\genuinst.exe E:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Mise à jour de sécurité pour Windows XP (KB917953)-->"E:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.3)-->E:\Program Files\Mozilla Firefox\uninstall\helper.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NounouPaye-->MsiExec.exe /X{170D4256-37B2-4A9A-8C65-8092F16A7E54}
NVIDIA Drivers-->E:\WINDOWS\system32\nvudisp.exe UninstallGUI
O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator-->c:\Program Files\PDFCreator\unins000.exe
Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Photosmart 130,230,7150,7345,7350,7550 (Supprimer uniquement)-->E:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
QuickPar 0.9-->c:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RAPID-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RealPlayer-->E:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rippack v3 beta 16.1-->"c:\Program Files\Rippackv3\Uninstall.exe" "c:\Program Files\Rippackv3\install.log"
SmartSound Quicktracks Plugin-->E:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spamihilator-->"c:\Program Files\Spamihilator\uninstall.exe"
SpywareBlaster 4.1-->"c:\Program Files\SpywareBlaster\unins000.exe"
Studio 10-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup.exe" -l0x40c UNINSTALL
Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{A990EAA7-8941-4621-BC27-4F16261D3180}
TomTom HOME-->c:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
VideoLAN VLC media player 0.8.6f-->c:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual VCR-->"c:\Program Files\Virtual VCR\Uninstall.exe" "c:\Program Files\Virtual VCR\install.log"
Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Visual C++ CRT 8.0-->MsiExec.exe /I{B2395631-54D5-481E-B9A8-74B269546F40}
Web Acappella-->"E:\Program Files\Intuisphere\Web Acappella\unins000.exe"
Windows Media Format Runtime-->"E:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix - KB888656-->"E:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Messenger 5.1-->MsiExec.exe /I{9D1C26BD-E792-4159-9D16-07EA222D8EF0}
ZebHelpProcess 2.26-->"c:\Program Files\ZebHelpProcess 2\unins000.exe"

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;E:\Program Files\Fichiers communs\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%USERPROFILE%\Local Settings\Temp
"TMP"=%USERPROFILE%\Local Settings\Temp
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by DEMARAIS at 2008-10-14 09:43:33
Microsoft Windows XP Professionnel Service Pack 2
System drive E: has 7 GB (38%) free of 19 GB
Total RAM: 1023 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:49, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
C:\telecharfirefox\RSIT.exe
C:\logiciels\DEMARAIS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {f7ad714f-2603-f66b-34e4-2f00c1064839} - {9384601c-00f2-4e43-b66f-3062f417da7f} - E:\WINDOWS\system32\rjenon.dll
O2 - BHO: (no name) - {B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - E:\WINDOWS\system32\wvUmlmJD.dll
O2 - BHO: (no name) - {d65bb153-79ec-45e5-b72f-e6be00a2f9ec} - E:\WINDOWS\system32\iifdebBU.dll (file missing)
O2 - BHO: (no name) - {E0AE96FF-84D3-45DD-866C-2F94CB8BD338} - E:\WINDOWS\system32\fccbBQJy.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\roboform.dll
O3 - Toolbar: olnmraew - {6366459B-45A6-489C-9726-429617BB05C2} - E:\WINDOWS\olnmraew.dll (file missing)
O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [spamihilator] "c:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "c:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Player] E:\Documents and Settings\DEMARAIS\Application Data\Adobe\Player.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @E:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @E:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: rjenon.dll
O20 - Winlogon Notify: pMDUnLDw - pMDUnLDw.dll (file missing)
O20 - Winlogon Notify: wvUmlmJD - E:\WINDOWS\SYSTEM32\wvUmlmJD.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Unknown owner - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Unknown owner - E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - E:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - E:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPH11 - HP - E:\WINDOWS\system32\HPHipm11.exe

--
End of file - 8021 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9384601c-00f2-4e43-b66f-3062f417da7f}]
E:\WINDOWS\system32\rjenon.dll [2008-10-14 111616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6}]
E:\WINDOWS\system32\wvUmlmJD.dll [2008-10-13 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d65bb153-79ec-45e5-b72f-e6be00a2f9ec}]
E:\WINDOWS\system32\iifdebBU.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0AE96FF-84D3-45DD-866C-2F94CB8BD338}]
E:\WINDOWS\system32\fccbBQJy.dll [2008-10-14 265728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\roboform.dll [2008-06-20 2296832]
{6366459B-45A6-489C-9726-429617BB05C2} - olnmraew - E:\WINDOWS\olnmraew.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2005-06-15 6803456]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2005-06-15 86016]
"HPDJ Taskbar Utility"=E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]
"Spamihilator"=c:\Program Files\Spamihilator\spamihilator.exe [2008-04-05 1060864]
"SunJavaUpdateSched"=E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"avgnt"=E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe /min []
"KernelFaultCheck"=E:\WINDOWS\system32\dumprep 0 -k []
"Malwarebytes Anti-Malware (reboot)"=E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-10 1253040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"RoboForm"=C:\Program Files\Siber Systems\RoboTaskBarIcon.exe [2008-09-11 160592]
"TomTomHOME.exe"=c:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184]
"Player"=E:\Documents and Settings\DEMARAIS\Application Data\Adobe\Player.exe [2008-10-13 16896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="rjenon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pMDUnLDw]
pMDUnLDw.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUmlmJD]
E:\WINDOWS\system32\wvUmlmJD.dll [2008-10-13 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36DC214C-02C4-4341-8A84-997F4772E1E5}"= []
"{B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6}"=E:\WINDOWS\system32\wvUmlmJD.dll [2008-10-13 37888]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
E:\WINDOWS\system32\fccbBQJy

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=219
"NoStrCmpLogical"=1
"NoResolveTrack"=0
"NoResolveSearch"=0
"NoRun"=0
"NoFind"=0
"NoSMMyPictures"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"MaxRecentDocs"=15
"NoInstrumentation"=0
"MemCheckBoxInRunDlg"=1
"NoSMBalloonTip"=0
"DisallowCpl"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"ForceClassicControlPanel"=
"NoSimpleStartMenu"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac439b7a-2384-11dd-9cc8-0007cb0000ff}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-10-14 09:43:33 ----D---- E:\rsit
2008-10-14 09:39:17 ----SH---- E:\WINDOWS\system32\jelaawrt.ini
2008-10-14 09:39:04 ----A---- E:\WINDOWS\system32\trwaalej.dll
2008-10-14 09:38:52 ----A---- E:\WINDOWS\system32\rjenon.dll
2008-10-14 09:38:50 ----A---- E:\WINDOWS\system32\wefwrxan.dll
2008-10-14 09:36:14 ----ASH---- E:\WINDOWS\system32\yJQBbccf.ini2
2008-10-14 09:36:13 ----ASH---- E:\WINDOWS\system32\yJQBbccf.ini
2008-10-14 09:35:58 ----A---- E:\WINDOWS\system32\fccbBQJy.dll
2008-10-14 09:35:01 ----D---- E:\SDFix
2008-10-14 09:28:37 ----D---- E:\Avenger
2008-10-14 09:28:36 ----A---- E:\avenger.txt
2008-10-14 09:08:15 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 08:26:28 ----A---- E:\WINDOWS\system32\twuhwj.dll
2008-10-14 08:26:27 ----A---- E:\WINDOWS\system32\isabawbx.dll
2008-10-14 08:18:21 ----D---- E:\WINDOWS\Minidump
2008-10-13 21:57:09 ----A---- E:\WINDOWS\system32\tmp.txt
2008-10-13 21:55:36 ----A---- E:\rapport.txt
2008-10-13 21:54:04 ----A---- E:\WINDOWS\system32\o4Patch.exe
2008-10-13 21:54:04 ----A---- E:\WINDOWS\system32\IEDFix.C.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\WS2Fix.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\VCCLSID.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\VACFix.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\swxcacls.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\swsc.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\swreg.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\SrchSTS.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\Process.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\IEDFix.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\dumphive.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-13 21:54:03 ----A---- E:\WINDOWS\system32\404Fix.exe
2008-10-13 21:35:09 ----A---- E:\WINDOWS\system32\ddcDwxuu.dll
2008-10-13 21:35:08 ----A---- E:\WINDOWS\system32\efcAsqrQ.dll
2008-10-13 21:23:59 ----D---- E:\Program Files\AntiVir PersonalEdition Classic
2008-10-13 21:23:59 ----D---- E:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-10-13 20:58:28 ----D---- E:\Program Files\Panda Security
2008-10-13 20:55:06 ----A---- E:\WINDOWS\system32\aptwah.dll
2008-10-13 20:55:04 ----A---- E:\WINDOWS\system32\fykcybfg.dll
2008-10-13 20:53:29 ----A---- E:\WINDOWS\system32\4b7d216b-.txt
2008-10-13 20:51:59 ----A---- E:\WINDOWS\system32\awtQIAtT.dll
2008-10-13 20:51:56 ----A---- E:\WINDOWS\system32\efcCvSIy.dll
2008-10-13 19:58:20 ----A---- E:\WINDOWS\system32\iiffETNE.dll
2008-10-13 19:58:19 ----A---- E:\WINDOWS\system32\wvUmlmJD.dll
2008-10-13 19:52:55 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\sp2
2008-10-13 18:48:29 ----D---- E:\WINDOWS\system32\AVGUARD_48fa09da
2008-10-13 17:47:19 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\TmpRecentIcons
2008-10-13 17:33:29 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Malwarebytes
2008-10-13 17:33:12 ----D---- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 18:07:39 ----A---- E:\WINDOWS\system32\BASSMOD.dll
2008-10-09 17:59:26 ----D---- E:\Program Files\Intuisphere
2008-10-09 16:12:12 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\DeepBurner
2008-10-08 18:55:07 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Acoustica
2008-10-08 14:10:24 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Canneverbe_Limited
2008-10-06 18:19:34 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Nero
2008-10-04 13:15:58 ----A---- E:\WINDOWS\Irremote.ini
2008-10-04 12:36:26 ----D---- E:\Documents and Settings\All Users\Application Data\Nero
2008-10-04 12:36:22 ----D---- E:\Program Files\Fichiers communs\Nero

======List of files/folders modified in the last 1 months======

2008-10-14 09:39:25 ----D---- E:\WINDOWS\system32
2008-10-14 09:35:30 ----D---- E:\Program Files\Mozilla Firefox
2008-10-14 09:33:23 ----A---- E:\WINDOWS\ntbtlog.txt
2008-10-14 09:28:37 ----RD---- E:\Program Files
2008-10-14 09:26:56 ----D---- E:\WINDOWS\system32\drivers
2008-10-14 09:26:10 ----D---- E:\WINDOWS
2008-10-14 08:13:13 ----SHD---- E:\System Volume Information
2008-10-14 08:13:13 ----D---- E:\WINDOWS\system32\Restore
2008-10-13 22:25:33 ----A---- E:\WINDOWS\SchedLgU.Txt
2008-10-13 21:29:33 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Spamihilator
2008-10-13 21:26:28 ----D---- E:\WINDOWS\system32\CatRoot2
2008-10-13 20:26:46 ----D---- E:\TEMP
2008-10-13 18:42:04 ----SHD---- E:\RECYCLER
2008-10-13 17:57:48 ----D---- E:\Documents and Settings
2008-10-13 17:27:11 ----D---- E:\WINDOWS\Prefetch
2008-10-13 17:24:00 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\Adobe
2008-10-13 16:09:26 ----D---- E:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-13 15:48:08 ----A---- E:\WINDOWS\system.ini
2008-10-13 15:43:13 ----SHD---- E:\WINDOWS\Installer
2008-10-13 15:13:34 ----D---- E:\Program Files\Fichiers communs
2008-10-13 15:13:32 ----HD---- E:\WINDOWS\inf
2008-10-13 15:13:24 ----D---- E:\WINDOWS\Temp
2008-10-13 15:12:32 ----AD---- E:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 17:13:41 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\gtk-2.0
2008-10-06 17:43:18 ----D---- E:\Documents and Settings\DEMARAIS\Application Data\dvdcss
2008-10-06 11:42:18 ----D---- E:\WINDOWS\system32\oodag
2008-10-04 13:12:32 ----D---- E:\Program Files\Nero
2008-10-04 12:36:11 ----D---- E:\WINDOWS\WinSxS
2008-10-04 12:35:36 ----D---- E:\Program Files\Fichiers communs\Microsoft Shared
2008-10-03 14:33:07 ----D---- E:\Program Files\Fichiers communs\Ahead
2008-10-03 14:30:32 ----HD---- E:\Program Files\InstallShield Installation Information
2008-10-03 14:30:32 ----D---- E:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-30 17:01:10 ----A---- E:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; E:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 fwdrv;Firewall Driver; E:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432]
R3 ASAPIW2K;ASAPIW2K; \??\E:\WINDOWS\system32\Drivers\asapiW2k.sys []
R3 fbxusb;FreeBox USB Network Adapter; E:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
R3 hidusb;Pilote de classe HID Microsoft; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-28 9600]
R3 MarvinBus;Pinnacle Marvin Bus; E:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-06-21 30080]
R3 usbhub;Concentrateur USB2; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-06-21 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
S1 aswSP;avast! Self Protection; E:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 avgntdd;avgntdd; E:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys []
S1 khips;Kerio HIPS Driver; E:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920]
S1 PCLEPCI;PCLEPCI; \??\E:\WINDOWS\system32\drivers\pclepci.sys []
S2 Aspi32;Aspi32; E:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
S2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
S3 a5z56k5t;a5z56k5t; E:\WINDOWS\system32\drivers\a5z56k5t.sys []
S3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); E:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
S3 Dot4 HPH11;Dot4 HPH11; E:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; E:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]
S3 Dot4Usb HPH11;Dot4Usb HPH11; E:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; E:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; E:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-06-15 3200256]
S3 pcouffin;VSO Software pcouffin; E:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-20 47360]
S3 usbprint;Classe d'imprimantes USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vncdrv;vncdrv; E:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 WpdUsb;WpdUsb; E:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 a2free;a-squared Free Service; c:\Program Files\a-squared Free\a2service.exe [2008-10-12 418936]
S2 AntiVirScheduler;AntiVir Scheduler; E:\Program Files\AntiVir PersonalEdition Classic\sched.exe []
S2 AntiVirService;AntiVir PersonalEdition Classic Service; E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe []
S2 aswUpdSv;avast! iAVS4 Control Service; c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
S2 avast! Antivirus;avast! Antivirus; c:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; E:\Program Files\Bonjour\mDNSResponder.exe []
S2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe [2005-12-19 1368064]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S2 NMSAccessU;NMSAccessU; c:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
S2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2005-06-15 127043]
S2 O&O Defrag;O&O Defrag; E:\WINDOWS\system32\oodag.exe [2006-08-31 340992]
S2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; c:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-13 654848]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; E:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]
S3 WMConnectCDS;Service Windows Media Connect; E:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]

-----------------EOF-----------------
  18. Hello, I'm back. I had to restart the PC in safe mode with networking support, as it kept crashing. I'm saving the instructions you gave and getting to work.
  19. Take your time. I'm logging off, I've been up since 03:30 and I'm off to bed. Back tomorrow morning, thanks for everything, good night.
  20. SmitFraudFix v2.359

Rapport fait à 21:55:36,15, 13/10/2008
Executé à partir de E:\Documents and Settings\DEMARAIS\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spamihilator\spamihilator.exe
E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
E:\WINDOWS\system32\lphcnsjj0et61.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Siber Systems\RoboTaskBarIcon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
E:\Documents and Settings\DEMARAIS\Application Data\Adobe\Player.exe
E:\WINDOWS\system32\spoolsv.exe
c:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
c:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\oodag.exe
E:\WINDOWS\system32\svchost.exe
c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
E:\WINDOWS\system32\cmd.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE
E:\WINDOWS\system32\HPHipm11.exe
E:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» E:\

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS

E:\WINDOWS\lfstbwvd.dll PRESENT !
E:\WINDOWS\privacy_danger PRESENT !
E:\WINDOWS\qkeftmxn.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\DEMARAIS

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\DEMARAIS\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\DEMARAIS\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///E:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

+--------------------------------------------------+
[!] Suspicious: vortsgbqtpr.dll
BHO: QXK Olive - {F8DE4182-0328-438E-B5EC-0A5F5E57FA2E}
TypeLib: {FEC11AA8-D826-4562-9223-A9A901A06B56}
Interface: {73E37705-8560-4541-A9DB-C8DE64D7CD00}
Interface: {AFE3DAB2-8795-45E5-BF5B-89F21F7FEBA0}

[!] Suspicious: olnmraew.dll
Toolbar: olnmraew - {6366459B-45A6-489C-9726-429617BB05C2}
TypeLib: {7D00A8F3-409C-4512-BC77-2BD681C35A41}
Interface: {12C2E31D-06A2-4592-A39D-3BC6E8C02AF0}
Classe: olnmraew.baok
Classe: olnmraew.ToolBar.1

[!] Suspicious: qmafxprs.dll
SSODL: qmafxprs - {B81B8578-4A24-43AC-85A0-E94F685071B9}

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="aptwah.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: FreeBox USB Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E4ECDDCD-EDA3-4E17-A6B9-A45836173F17}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E4ECDDCD-EDA3-4E17-A6B9-A45836173F17}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E4ECDDCD-EDA3-4E17-A6B9-A45836173F17}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
  21. I'd add that in the taskbar, next to the clock, "Virus ALERT!" is displayed, and on the other side a kind of small cross is blinking.
  22. Hello, Avast has found viruses and cannot remove them. On my desktop it says "Spyware detected on your computer". Another message appears in a window: "worm.win32.netbooster detected in your computer". Is it too late? HijackThis report attached.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:14: VIRUS ALERT!, on 13/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      c:\Program Files\Alwil Software\Avast4\ashServ.exe
      E:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      E:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Spamihilator\spamihilator.exe
      E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
      E:\WINDOWS\system32\lphcnsjj0et61.exe
      E:\Documents and Settings\DEMARAIS\Local Settings\Temp\.tt18.tmp.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Siber Systems\RoboTaskBarIcon.exe
      E:\WINDOWS\system32\drivers\svchost.exe
      E:\Documents and Settings\DEMARAIS\Application Data\Adobe\Player.exe
      E:\WINDOWS\system32\spoolsv.exe
      c:\Program Files\a-squared Free\a2service.exe
      E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
      E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
      c:\Program Files\CDBurnerXP\NMSAccessU.exe
      E:\WINDOWS\system32\nvsvc32.exe
      E:\WINDOWS\system32\oodag.exe
      E:\WINDOWS\system32\svchost.exe
      c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
      c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      E:\WINDOWS\system32\wuauclt.exe
      E:\Program Files\Mozilla Firefox\firefox.exe
      C:\logiciels\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - :E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
      O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\roboform.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: QXK Olive - {F8DE4182-0328-438E-B5EC-0A5F5E57FA2E} - E:\WINDOWS\vortsgbqtpr.dll
      O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\roboform.dll
      O3 - Toolbar: olnmraew - {6366459B-45A6-489C-9726-429617BB05C2} - E:\WINDOWS\olnmraew.dll
      O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
      O4 - HKLM\..\Run: [spamihilator] "c:\Program Files\Spamihilator\spamihilator.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
      O4 - HKLM\..\Run: [lphcnsjj0et61] E:\WINDOWS\system32\lphcnsjj0et61.exe
      O4 - HKLM\..\Run: [inrhcjsjj0et61] E:\Documents and Settings\DEMARAIS\Local Settings\Temp\.tt18.tmp.exe /CR=3BA05DB154E618CBD17FDED283BEBE98E835146A20BACEE4F6B505536351A3CC8646DA1A6169E 20B1CC20C72729CDC6719B881700D137EA9EFD8D39C45E5454D0EDF4525B800054990C7BE3DF7F6E6 0806AFE03C0262E1
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\RoboTaskBarIcon.exe"
      O4 - HKCU\..\Run: [TomTomHOME.exe] "c:\Program Files\TomTom HOME 2\HOMERunner.exe"
      O4 - HKCU\..\Run: [sVCHOST.EXE] E:\WINDOWS\system32\drivers\svchost.exe
      O4 - HKCU\..\Run: [Player] E:\Documents and Settings\DEMARAIS\Application Data\Adobe\Player.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\msagent" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "E:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html
      O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\RoboFormComCustomizeIEMenu.html
      O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html
      O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\RoboFormComFillForms.html
      O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html
      O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\RoboFormComSavePass.html
      O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboFormComShowToolbar.html
      O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\RoboFormComShowToolbar.html
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: @E:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: @E:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
      O10 - Broken Internet access because of LSP provider 'e:\program files\bonjour\mdnsnsp.dll' missing
      O20 - Winlogon Notify: pMDUnLDw - pMDUnLDw.dll (file missing)
      O21 - SSODL: lfstbwvd - {50A17A9B-237B-4364-8558-F13C778F8D49} - E:\WINDOWS\lfstbwvd.dll
      O21 - SSODL: qmafxprs - {B81B8578-4A24-43AC-85A0-E94F685071B9} - E:\WINDOWS\qmafxprs.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\Program Files\a-squared Free\a2service.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - E:\Program Files\Bonjour\mDNSResponder.exe (file missing)
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - E:\WINDOWS\system32\oodag.exe
      O23 - Service: Pml Driver HPH11 - HP - E:\WINDOWS\system32\HPHipm11.exe
      O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm

      --
      End of file - 9860 bytes
  23. vieuxrusé

    Sims 2

    And what exactly is windaube? Thanks in advance for the information. It's for my general knowledge.
  24. vieuxrusé

    Sims 2

    Hello everyone. Here I am, back on my Sims 2. I do want to thank all of you for your tips, which I tried. But unfortunately nothing worked. So I made a decision: completely format the hard drive, then reinstall Win XP. Then I reinstalled The Sims 2 and ......... miracle of technology, it works. Unfortunately I still won't know why it didn't work before. Thanks again to everyone, and see you soon.
  25. vieuxrusé

    Sims 2

    Hello everyone. Here I am again with the problem. I followed your last piece of advice, Tornado, but unfortunately nothing. odSen: I did an installation in safe mode, and .... still the same thing. If this goes on I'm going to send an email to EA Games to explain the problem to them, as well as my dissatisfaction. Thanks anyway to all of you for your help.