

Syrius
Member
Content count: 47
Joined: -
Last visited: -
Everything posted by Syrius
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Hello, Now, what do I need to do? Thanks
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Hello, Here is the gmer.exe report you asked for:

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-05 22:29:38
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xB723A110]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xB7239920]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xB7235EE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xB7238F20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xB7238D90]
SSDT BAF9460C ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xB723A190]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xB7236320]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xB72363C0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xB70889A0]
SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Kerio Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xB7088B30]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xB7239BF0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xB7236140]
SSDT BAF945F8 ZwOpenProcess
SSDT BAF945FD ZwOpenThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xB7239510]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xB7239F00]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xB72364D0]
SSDT BAF94607 ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xB7239E50]
SSDT BAF94602 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus BA5C4A5F 6 Bytes JMP B722DED0 \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software)

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\nvsvc32.exe[284] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\nvsvc32.exe[284] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\nvsvc32.exe[284] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\nvsvc32.exe[284] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\nvsvc32.exe[284] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\nvsvc32.exe[284] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[436] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\RUNDLL32.EXE[572] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe[624] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[648] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[648] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[648] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[648] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[648] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[648] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\apps\ABoard\ABoard.exe[688] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\apps\ABoard\ABoard.exe[688] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\apps\ABoard\ABoard.exe[688] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[712] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[796] KERNEL32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[796] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[796] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[824] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[824] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[824] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[880] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[880] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[880] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe[1016] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1096] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1096] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1096] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe[1140] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1184] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1184] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1184] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1184] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1184] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00080EC8
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\eHome\ehmsas.exe[1228] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\eHome\ehmsas.exe[1228] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\eHome\ehmsas.exe[1228] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\apps\ABoard\AOSD.exe[1244] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\apps\ABoard\AOSD.exe[1244] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\apps\ABoard\AOSD.exe[1244] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] ws2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] ws2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[1264] ws2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text 
C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838 .text C:\WINDOWS\ehome\mcrdsvc.exe[1300] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text 
C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateRemoteThread 
7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[1372] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00080EC8 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] 
kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe[1436] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Lavasoft\Ad-Aware 
2007\aawservice.exe[1500] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Lavasoft\Ad-Aware 
2007\aawservice.exe[1500] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00130F54 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00130FE0 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00130D24 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00130DB0 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00130E3C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1500] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00130EC8 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\spoolsv.exe[1604] 
kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\spoolsv.exe[1604] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\spoolsv.exe[1604] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\spoolsv.exe[1604] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\spoolsv.exe[1604] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\spoolsv.exe[1604] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Avira\AntiVir PersonalEdition 
Classic\avguard.exe[1648] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1648] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\a-squared 
Free\a2service.exe[1852] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\a-squared Free\a2service.exe[1852] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\a-squared Free\a2service.exe[1852] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\a-squared Free\a2service.exe[1852] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateThread 7C810637 5 Bytes 
JMP 0013057C .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1884] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program 
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1896] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text 
C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC .text C:\WINDOWS\eHome\ehRecvr.exe[1928] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838 .text C:\WINDOWS\eHome\ehRecvr.exe[1928] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950 .text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text 
C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\eHome\ehSched.exe[1956] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\eHome\ehSched.exe[1956] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\eHome\ehSched.exe[1956] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00030F54
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00030FE0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00030D24
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00030DB0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00030E3C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[2020] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00030EC8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2092] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] USER32.DLL!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text D:\Documents and Settings\Didier\Bureau\gmer.exe[2220] USER32.DLL!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Apps\Softex\OmniPass\Omniserv.exe[2260] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\dllhost.exe[2272] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\dllhost.exe[2272] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\dllhost.exe[2272] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\dllhost.exe[2272] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\dllhost.exe[2272] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\dllhost.exe[2272] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2428] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2428] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2428] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2428] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2428] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2428] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00130F54
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00130FE0
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00130D24
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00130DB0
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00130E3C
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2444] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00130EC8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2604] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00130F54
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00130FE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00130D24
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00130DB0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00130E3C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2624] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00130EC8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[2656] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00130F54
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00130FE0
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00130D24
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00130DB0
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00130E3C
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00130EC8
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] ws2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] ws2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Apps\Softex\OmniPass\OPXPApp.exe[2720] ws2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2924] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe[2952] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\APPS\SMP\SmpSys.exe[2988] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\APPS\SMP\SmpSys.exe[2988] user32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\APPS\SMP\SmpSys.exe[2988] user32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[2996] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[2996] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[2996] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\Program Files\MSN Messenger\usnsvc.exe[3404] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 037A4780 C:\Apps\Softex\OmniPass\opfolderext.dll (OpFolderExt/Softex Inc.)
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!DeleteFileW 7C831F31 5 Bytes JMP 037A4DF0 C:\Apps\Softex\OmniPass\opfolderext.dll (OpFolderExt/Softex Inc.)
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[3472] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[3472] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[3472] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[3472] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[3472] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[3472] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[3472] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838
.text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3604] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\ehome\ehtray.exe[4020] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00070608
.text C:\WINDOWS\ehome\ehtray.exe[4020] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000707AC
.text C:\WINDOWS\ehome\ehtray.exe[4020] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720
.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetConnectA 440949F2 5 Bytes JMP 00070F54
.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetConnectW 44095BE0 5 Bytes JMP 00070FE0
.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 00070D24
.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 00070DB0
.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 00070E3C
.text C:\WINDOWS\ehome\ehtray.exe[4020] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 00070EC8
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\RTHDCPL.EXE[4040] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
.text C:\WINDOWS\RTHDCPL.EXE[4040] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC
.text C:\WINDOWS\RTHDCPL.EXE[4040] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [b722DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt 
Software) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [b722DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [b722DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [b722DDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [b722DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [b722DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [b722DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseCall] [b722E680] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClMakeCall] [b722E580] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoDeleteVc] [b722E4C0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoCreateVc] [b722E360] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [b722DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [b722DD00] \SystemRoot\system32\drivers\fwdrv.sys 
(Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [b722EBB0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseAddressFamily] [b722EE70] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoSendPackets] [b722E210] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [b722DDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [b722DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [b722DD90] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [b722DDC0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [b722DCE0] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [b722DD00] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ---- Devices - GMER 1.0.14 ---- AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (Noyau 
et système NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation) Device \FileSystem\Fastfat \Fat AE885C8A AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.14 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@dbmcchdedodldehpociepmppgnbamldepgknbmed 0x69 0x61 0x62 0x6F ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@cbcbaebiljjdchkoeijkdcehhbpoebelancmln 0x69 0x61 0x62 0x6F ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@iamcchdedodldehpoc 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@hacbaebiljjdchko 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{537FC553-3B1B-E6D1-7BC8-2AF5C15343DC}@iaibknhhcihlfcmikh 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@dbjgjdipdcanijiekicgfgibepcdgknljobcohba 0x69 0x61 0x65 0x66 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@cbphpoajccbdmankehajiekphgdncepbegphhk 0x69 0x61 0x65 0x66 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@iajgjdipdcanijieki 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@haphpoajccbdmank 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@iangjgfplmeghpbobl 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@abngjhocioniagoancdklidojckhjfkadj 0x61 0x61 0x00 0x00 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF741945-D094-BB23-8FD1-8E777B2B48DB}@maogohmdhgaffjkokmebgigdkk 0x61 0x61 0x00 0x00 ---- EOF - GMER 1.0.14 ---- -
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
The Kerio version is an old free version, Sunbelt Kerio Personal 4. In the Event Viewer there is no red-cross error concerning Kerio. The red-cross errors that keep coming back concern Application Hang -
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Hello, I still have the problem, and I even have another one now, since the PC shuts down and restarts without being asked to. Thank you for your reply -
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Hello, So I deleted the 2 files that were present: C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE C:\WINDOWS\system32\svvwa.bak1 The others were indeed absent. And unfortunately, the PC has frozen 2 times since then; the problem still persists -
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
So here is the ComboFix report: ComboFix 08-01-18.4 - Didier 2008-01-25 19:46:39.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1508 [GMT 1:00] Running from: D:\Documents and Settings\Didier\Bureau\ComboFix.exe Command switches used :: D:\Documents and Settings\Didier\Bureau\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))))))) . 2008-01-18 16:08 . 2008-01-18 16:08 <REP> d-------- C:\Program Files\Lavasoft 2008-01-18 16:08 . 2008-01-18 16:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-01-18 14:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-11 21:30 . 2008-01-11 21:30 <REP> d-------- C:\Program Files\Fichiers communs\xing shared 2008-01-05 15:07 . 2008-01-05 15:07 <REP> d-------- D:\Documents and Settings\Didier\Application Data\Grisoft 2008-01-05 15:07 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-05 10:46 . 2008-01-25 15:41 491 --a------ C:\WINDOWS\system32\drivers\fwdrv.err 2008-01-04 20:58 . 2008-01-04 20:58 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-04 11:32 . 2008-01-04 11:32 <REP> d-------- C:\Program Files\Trend Micro . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-22 19:30 --------- d-----w C:\Program Files\eMule 2008-01-19 07:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-18 15:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-18 15:05 --------- d-----w D:\Documents and Settings\Didier\Application Data\Lavasoft 2008-01-11 20:30 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-01-05 13:44 --------- d-----w C:\Program Files\Google 2008-01-05 13:31 --------- d-----w C:\Program Files\Yahoo! 
2008-01-05 10:10 --------- d-----w C:\Program Files\OGSConverter 2008-01-04 10:16 --------- d-----w C:\Program Files\Hijackthis Version Française 2008-01-02 15:02 --------- d-----w C:\Program Files\Java 2007-12-29 16:29 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-12-19 16:02 --------- d-----w C:\Program Files\CCleaner 2007-12-19 14:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Avira 2007-12-19 14:21 --------- d-----w C:\Program Files\Avira 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-09 19:32 --------- d-----w D:\Documents and Settings\Didier\Application Data\Smart Panel 2007-12-09 19:32 --------- d-----w D:\Documents and Settings\Didier\Application Data\ArcSoft 2007-12-09 19:31 --------- d-----w C:\Program Files\Smart Panel 2007-12-09 10:59 --------- d-----w D:\Documents and Settings\Didier\Application Data\gtk-2.0 2007-12-08 14:51 --------- d-----w C:\Program Files\GIMP-2.0 2007-12-02 17:39 --------- d-----w D:\Documents and Settings\Didier\Application Data\Viewpoint 2007-11-30 23:33 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-30 23:32 --------- d-----w C:\Program Files\Windows Live Favorites 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:36 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-09-20 15:14 14 ----a-w D:\Documents and Settings\Didier\getfile.dat 2006-08-07 01:36 303,104 ----a-w C:\Program Files\ZedGraph.dll 2004-02-11 02:00 80,014 
----a-w C:\WINDOWS\Fonts\unins000.exe 2001-11-02 10:34 20,480 ------r C:\Program Files\TopPpExec.exe 2001-11-02 10:34 139,264 ------r C:\Program Files\TopPpExec.dll 2001-11-02 10:33 57,344 ------r C:\Program Files\TopPpMath.dll 2001-11-02 10:33 53,248 ------r C:\Program Files\TopPpCam.dll 2001-11-02 10:33 307,200 ------r C:\Program Files\TopPpUtil.dll 2001-11-02 10:33 196,608 ------r C:\Program Files\TopPpMain.dll 2001-11-02 10:32 15 ------r C:\Program Files\TopPpExec.ver 2001-09-19 09:22 80 ------r C:\Program Files\TopPpUnRegister.bat 2001-04-05 10:01 205 ------r C:\Program Files\TopPpRegister.bat 2001-02-01 18:37 107 ------r C:\Program Files\TopPpInstall.bat 2007-07-04 17:47 950,345 --sh--w C:\WINDOWS\system32\svvwa.bak1 . ((((((((((((((((((((((((((((( snapshot@2008-01-18_14.50.48,81 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-18 13:45:40 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000001\NTUSER.DAT + 2008-01-25 18:46:22 1,429,504 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000001\NTUSER.DAT - 2008-01-18 13:45:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000002\UsrClass.dat + 2008-01-25 18:46:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000002\UsrClass.dat - 2008-01-18 13:45:40 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000003\NTUSER.DAT + 2008-01-25 18:46:22 1,433,600 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000003\NTUSER.DAT - 2008-01-18 13:45:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000004\UsrClass.dat + 2008-01-25 18:46:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000004\UsrClass.dat - 2008-01-18 13:45:40 7,319,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000005\NTUSER.DAT + 2008-01-25 18:46:23 7,319,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000005\NTUSER.DAT - 2008-01-18 13:45:41 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000006\UsrClass.dat + 2008-01-25 18:46:23 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users�000006\UsrClass.dat + 2008-01-18 15:09:06 1,038,336 ----a-r 
C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe + 2008-01-18 15:09:06 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe + 2008-01-18 15:09:06 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe + 2008-01-18 15:09:06 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe - 2008-01-18 05:49:55 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-01-25 18:42:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-01-18 05:49:55 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-01-25 18:42:42 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2008-01-18 05:49:55 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-01-25 18:42:42 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys - 2007-06-09 08:53:20 112,384 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys + 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys - 2007-06-09 08:53:20 9,472 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys + 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51 975360] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 13:00 455168] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584] "RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504] "nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 23:47 86016] "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15 102400] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576] "BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 14:14 476160] "EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.exe" [2003-09-12 04:00 99840] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-19 15:23 249896] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-11 21:30 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Magnify"="Magnify.exe" [2004-08-10 13:00 73216 C:\WINDOWS\system32\magnify.exe] D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-10-13 20:37:59] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] C:\Apps\Softex\OmniPass\opxpgina.dll 2006-01-30 07:53 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 11:02] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 11:02] R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-17 11:25] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45] S0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-05-29 11:03] S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys [2007-07-11 13:37] S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-02 23:53] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{518233d5-b48a-11dc-ab6a-00038a000015}] \Shell\Auto\command - cmd /C launch.bat \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-25 18:09:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-25 19:50:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . -
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
What should I do now? -
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Here is the ComboFix report: ComboFix 08-01-18.4 - Didier 2008-01-18 14:46:32.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1410 [GMT 1:00] Running from: D:\Documents and Settings\Didier\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . D:\Documents and Settings\Didier\new.txt . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))))))) . 2008-01-18 14:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-11 21:30 . 2008-01-11 21:30 <REP> d-------- C:\Program Files\Fichiers communs\xing shared 2008-01-10 00:23 . 2008-01-10 00:23 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-01-05 15:07 . 2008-01-05 15:07 <REP> d-------- D:\Documents and Settings\Didier\Application Data\Grisoft 2008-01-05 15:07 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-05 10:46 . 2008-01-05 16:02 326 --a------ C:\WINDOWS\system32\drivers\fwdrv.err 2008-01-04 20:58 . 2008-01-04 20:58 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-04 11:32 . 2008-01-04 11:32 <REP> d-------- C:\Program Files\Trend Micro 2007-12-19 17:01 . 2007-12-19 17:02 <REP> d-------- C:\Program Files\CCleaner 2007-12-19 15:21 . 2007-12-19 15:21 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira 2007-12-19 15:21 . 2007-12-19 15:21 <REP> d-------- C:\Program Files\Avira . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-11 20:30 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-01-05 16:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-05 13:44 --------- d-----w C:\Program Files\Google 2008-01-05 13:31 --------- d-----w C:\Program Files\Yahoo! 
2008-01-05 10:10 --------- d-----w C:\Program Files\OGSConverter 2008-01-04 10:16 --------- d-----w C:\Program Files\Hijackthis Version Française 2008-01-02 15:02 --------- d-----w C:\Program Files\Java 2007-12-29 16:29 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-12-27 17:02 --------- d-----w C:\Program Files\eMule 2007-12-09 19:32 --------- d-----w D:\Documents and Settings\Didier\Application Data\Smart Panel 2007-12-09 19:32 --------- d-----w D:\Documents and Settings\Didier\Application Data\ArcSoft 2007-12-09 19:31 --------- d-----w C:\Program Files\Smart Panel 2007-12-09 10:59 --------- d-----w D:\Documents and Settings\Didier\Application Data\gtk-2.0 2007-12-08 14:51 --------- d-----w C:\Program Files\GIMP-2.0 2007-12-02 17:39 --------- d-----w D:\Documents and Settings\Didier\Application Data\Viewpoint 2007-11-30 23:33 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-11-30 23:32 --------- d-----w C:\Program Files\Windows Live Favorites 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:36 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-09-20 15:14 14 ----a-w D:\Documents and Settings\Didier\getfile.dat 2006-08-07 01:36 303,104 ----a-w C:\Program Files\ZedGraph.dll 2004-02-11 02:00 80,014 ----a-w C:\WINDOWS\Fonts\unins000.exe 2001-11-02 10:34 20,480 ------r C:\Program Files\TopPpExec.exe 2001-11-02 10:34 139,264 ------r C:\Program Files\TopPpExec.dll 2001-11-02 10:33 57,344 ------r C:\Program 
Files\TopPpMath.dll
2001-11-02 10:33 53,248 ------r C:\Program Files\TopPpCam.dll
2001-11-02 10:33 307,200 ------r C:\Program Files\TopPpUtil.dll
2001-11-02 10:33 196,608 ------r C:\Program Files\TopPpMain.dll
2001-11-02 10:32 15 ------r C:\Program Files\TopPpExec.ver
2001-09-19 09:22 80 ------r C:\Program Files\TopPpUnRegister.bat
2001-04-05 10:01 205 ------r C:\Program Files\TopPpRegister.bat
2001-02-01 18:37 107 ------r C:\Program Files\TopPpInstall.bat
2007-07-04 17:47 950,345 --sh--w C:\WINDOWS\system32\svvwa.bak1
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B1C3FA-E5DA-4083-AE16-6C758B6D0285}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 13:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 23:47 86016]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15 102400]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
"BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 14:14 476160]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.exe" [2003-09-12 04:00 99840]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-19 15:23 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-11 21:30 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Magnify"="Magnify.exe" [2004-08-10 13:00 73216 C:\WINDOWS\system32\magnify.exe]
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2006-10-13 20:37:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvs]
C:\WINDOWS\system32\awvvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdcaw]
khfdcaw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll 2006-01-30 07:53 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 11:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 11:02]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-17 11:25]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2006-05-29 11:03]
S2 Microsoft Genuine Advantage;Microsoft Genuine Advantage;"C:\WINDOWS\system32\dllcache\winmga.exe" []
S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-02 23:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{518233d5-b48a-11dc-ab6a-00038a000015}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-18 13:09:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 14:50:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Apps\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-01-18 14:51:38
ComboFix-quarantined-files.txt 2008-01-18 13:51:33
.
2008-01-09 23:24:52 --- E O F ---
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Hello, I still have the problem. Could someone please help me remove this thing? Thanks
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Thank you, I can wait. See you
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Hi, I configured Antivir as you told me. I wanted to thank you for your help, but when you talk about "pros", do you mean people here on the site or in a shop? See you
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Hello, I managed to run a scan with Kaspersky; here is the report:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 05, 2008 11:19:55 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 5/01/2008
Enregistrements dans la base antivirus Kaspersky : 469928
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Statistiques de l'analyse:
Total d'objets analysés: 94004
Nombre de virus trouvés: 1
Nombre d'objets infectés: 2 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 00:47:44
Nom de l'objet infecté / Nom du virus / Dernière action
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE/300.exe Infecté : Trojan-Spy.Win32.Delf.wh ignoré
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE SetupSpecialist: infecté - 1 ignoré
C:\APPS\Softex\OmniPass\btype0.dat L'objet est verrouillé ignoré
C:\APPS\Softex\OmniPass\btype256.dat L'objet est verrouillé ignoré
C:\APPS\Softex\OmniPass\btype259.dat L'objet est verrouillé ignoré
C:\APPS\Softex\OmniPass\btype3.dat L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP339\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{7205BF34-51A0-4952-97DF-BDA6D98E16F1}.crmlog L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_2893563813_1966080_2610 L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_2893563813_3866624_5454 L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE1.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE2.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{AE09CFD4-2023-4EF5-BEFE-725374AB84F2}.TmpSBE L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{DBDCE804-87AD-4742-A4B5-3AD68B34387C}.TmpSBE L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\cert8.db L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\formhistory.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\history.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\key3.db L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\parent.lock L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\search.sqlite L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Cookies\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Working\database_82AC_7857_AC78_47A5\dfsr.db L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Working\database_82AC_7857_AC78_47A5\fsr.log L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Working\database_82AC_7857_AC78_47A5\fsrtmp.log L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Working\database_82AC_7857_AC78_47A5\tmp.edb L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows Live Contacts\francois49_aller_psg@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows Live Contacts\francois49_aller_psg@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Historique\History.IE5\MSHist012008010520080106\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF1B62.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF1C07.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF30E.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF383.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\NTUSER.DAT L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP339\change.log L'objet est verrouillé ignoré
Analyse terminée.
The PC freezes randomly
Syrius replied to a topic by Syrius in Malware analysis and removal
Hello, So I ran ATF Cleaner. Then, in safe mode, I ran all the antivirus tools I had (Spybot, Ad-Aware, AVG Anti-Spyware and Antivir). Here is the Antivir report:
AntiVir PersonalEdition Classic
Report file date: samedi 5 janvier 2008 16:12
Scanning for 1000802 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Didier
Computer name: Pc_Bureau
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:23:50
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 14:48:30
ANTIVIR3.VDF : 7.0.1.194 93696 Bytes 04/01/2008 19:34:36
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 19/12/2007 18:49:42
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 19/12/2007 18:49:42
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 5 janvier 2008 16:12
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'OPXPApp.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '37' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
End of the scan: samedi 5 janvier 2008 17:50
Used time: 1:38:25 min
The scan has been done completely.
8395 Scanning directories
319005 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
319005 Files not concerned
10454 Archives were scanned
1 Warnings
1 Notes
-----------------------------------------------------------------------------------------------
The HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:12, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ogame.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B1C3FA-E5DA-4083-AE16-6C758B6D0285} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O5 "LPT1:" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: khfdcaw - khfdcaw.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 10315 bytes
However, I did not manage to run a Kaspersky scan to check whether the trojan is still there. Could I have your opinion? Thanks
Le PC se bloque de façon aléatoire
Syrius a répondu à un(e) sujet de Syrius dans Analyses et éradication malwares
So there it is, I followed your instructions. Antivir didn't report anything, because I think I installed Antivir after the infection. The error check (ChkDsk in 5 stages) went fine on both partitions of the disk (C and D). Then I ran a Kaspersky scan; here is the report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 04, 2008 10:04:50 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 4/01/2008
Enregistrements dans la base antivirus Kaspersky : 469466
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Statistiques de l'analyse:
Total d'objets analysés: 98566
Nombre de virus trouvés: 1
Nombre d'objets infectés: 2 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 00:47:14
Nom de l'objet infecté / Nom du virus / Dernière action
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE/300.exe Infecté : Trojan-Spy.Win32.Delf.wh ignoré
C:\APPS\OFFICE_1\All\oonepdf\SETUP.EXE SetupSpecialist: infecté - 1 ignoré
C:\APPS\Softex\OmniPass\btype0.dat L'objet est verrouillé ignoré
C:\APPS\Softex\OmniPass\btype256.dat L'objet est verrouillé ignoré
C:\APPS\Softex\OmniPass\btype259.dat L'objet est verrouillé ignoré
C:\APPS\Softex\OmniPass\btype3.dat L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP338\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{17CBF0FE-4FB5-4178-8D3B-605E15E44832}.crmlog L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_2893563813_17432576_11766 L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_2893563813_7208960_6971 L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE1.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE2.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{D333FE0C-079F-4B32-9AA2-7191142FCAF0}.TmpSBE L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{E6DE3280-F71A-4B94-AC7A-F53A32966EB5}.TmpSBE L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\cert8.db L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\formhistory.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\history.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\key3.db L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\parent.lock L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\search.sqlite L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Cookies\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Working\database_82AC_7857_AC78_47A5\dfsr.db L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Working\database_82AC_7857_AC78_47A5\fsr.log L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Working\database_82AC_7857_AC78_47A5\fsrtmp.log L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Messenger\francois49_aller_psg@hotmail.fr\SharingMetadata\Working\database_82AC_7857_AC78_47A5\tmp.edb L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows Live Contacts\francois49_aller_psg@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Microsoft\Windows Live Contacts\francois49_aller_psg@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yb2cf8f.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Historique\History.IE5\MSHist012008010420080105\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\hsperfdata_Didier\3568 L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF4E60.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF4EA9.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF5AB9.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF5B54.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DF77D2.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temp\~DFBA4C.tmp L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\Mes documents\Temps de vol.xls L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\NTUSER.DAT L'objet est verrouillé ignoré
D:\Documents and Settings\Didier\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP338\change.log L'objet est verrouillé ignoré
Analyse terminée.
-------------------------------------------------------------------------------

I configured Antivir Classic correctly with the help of the tutorial. But now, what should I do? Should I run a cleanup with ATF Cleaner?
-
Hello, The problem I've been having for several days is that the screen and the controls (keyboard and mouse) freeze randomly, and sometimes repeatedly, while I'm browsing the internet. The only way to restart is to shut the PC down manually. I also notice a clear slowdown at startup and when running tasks. Despite running the various Spybot, Ad-Aware and Antivir, the problem persists. Can you help me solve this very annoying problem, which is surely not good for the PC. Thank you in advance; I'm attaching a HijackThis report.

---------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:18, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ogame.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B1C3FA-E5DA-4083-AE16-6C758B6D0285} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O5 "LPT1:" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Magnify] Magnify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Magnify] Magnify.exe (User 'Default user')
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: khfdcaw - khfdcaw.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

-- End of file - 10657 bytes
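As an added example (not part of the thread, and not HijackThis' own code), here is a small Python triage script for the "Rx - ..." / "Oxx - ..." entry format used in the log above. The sample lines are constructed to mimic that format; the flagging rules (entries whose target file is missing, services with no owner, start/search pages pointing at a non-default host, DNS and Winlogon Notify entries) are this example's own heuristics for deciding what to review first, not HijackThis verdicts, and the list of hosts in KNOWN_DEFAULT_HOSTS is an assumption.

```python
"""Triage helper for HijackThis-style log lines (added example, not
HijackThis code). It parses entries by their section code and flags the
ones a helper usually wants explained first."""
import re
from dataclasses import dataclass

# One entry per line: "R0 - ...", "O23 - ...". Header and process-list
# lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")

# Hosts treated as vendor defaults for IE start/search pages (assumption).
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com", "g.msn.fr"}


@dataclass
class Finding:
    code: str     # HijackThis section code, e.g. "O20"
    reason: str   # why the entry was flagged for review
    line: str     # the entry as it appeared in the log


def parse_entries(text):
    """Return [(code, body), ...] for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _host(url):
    """Hostname of a scheme://host/... value, or "" for non-URL values."""
    m = re.match(r"^[a-z]+://([^/]+)", url, re.I)
    return m.group(1).lower() if m else ""


def triage(text):
    """Flag entries worth a second look; order follows the log."""
    findings = []
    for code, body in parse_entries(text):
        line = f"{code} - {body}"
        if "(file missing)" in body or "(no file)" in body:
            # A registration pointing at a file no longer on disk: leftover
            # of a removed program, or of a removed infection.
            findings.append(Finding(code, "target file is missing", line))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service with no owner information", line))
        elif code in ("R0", "R1") and "=" in body:
            host = _host(body.split("=", 1)[1].strip())
            if host and host not in KNOWN_DEFAULT_HOSTS:
                findings.append(Finding(code, f"IE page setting points to {host}", line))
        elif code == "O17":
            findings.append(Finding(code, "custom DNS servers; confirm they belong to the ISP", line))
        elif code == "O20":
            findings.append(Finding(code, "Winlogon Notify DLL loaded at every logon", line))
    return findings


# Constructed sample, modelled on the entry format of the posted log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {95B1C3FA-E5DA-4083-AE16-6C758B6D0285} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{435896F1-AD13-400F-B035-076B42D0386A}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O23 - Service: Microsoft Genuine Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\winmga.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run on the sample, the script flags the non-default start page, the nameless BHO with no file, the custom nameservers and the two missing-file entries, and leaves the signed NVIDIA service alone; on a full log it only narrows the list for a human reviewer, who still has to decide per entry.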
-
Unwanted pop-up ad windows
Syrius replied to a topic by Syrius in Malware Analysis and Removal
Hi styx, With this post I wanted to thank you for the help you gave me in solving this problem, you styx and, before you, lien rag. It let me discover your site, which I'll take the time to browse regularly for interesting information. Thanks again and goodbye
-
Unwanted pop-up ad windows
Syrius replied to a topic by Syrius in Malware Analysis and Removal
Hi styx, I applied the latest advice, so here is the report:

BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Thu, Jun 14, 2007 - 11:30:37
Info d'analyse
Fichiers scannés 308897
Infectés Fichiers 0
Virus Détectés
Aucun virus trouvé.
-
Unwanted pop-up ad windows
Syrius replied to a topic by Syrius in Malware Analysis and Removal
Hello styx, So I had indeed deleted the certificates mentioned in bold. I applied the procedure indicated and 'Fix checked' all the lines indicated. Since yesterday the PC has already been working better and I no longer had those windows opening. Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:36:55, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ogame.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O5 "LPT1:" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-
Unwanted pop-up windows opening
Syrius replied to a topic by Syrius in Analyses et éradication malwares
Hello,

So I followed your instructions and here is the HijackThis report. Did I need to remove all the certificates, especially those in the 'Intermediate Certification Authorities' and 'Trusted Root Certification Authorities' tabs?

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 08:41:09, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60308
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ogame.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O5 "LPT1:" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Unwanted pop-up windows opening
Syrius replied to a topic by Syrius in Analyses et éradication malwares
And now, what should I do?
Unwanted pop-up windows opening
Syrius replied to a topic by Syrius in Analyses et éradication malwares
Good evening,

First of all I wanted to thank you for your help. Here is the Navilog report:

Search Navipromo version 2.0.3 started on 10/06/2007 at 23:13:04,06

!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without the advice of a specialist !!!

Fix run from C:\Program Files\navilog1
Updated on 08.06.2007 at 17h00 by IL-MAFIOSO
Run in normal mode

*** Searching installed programs ***

*** Searching folders in C:\WINDOWS ***

*** Searching folders in C:\Program Files ***

*** Searching folders in D:\Documents and Settings\All Users\Application Data ***

*** Searching folders in D:\Documents and Settings\Didier\Application Data ***

*** Search with BlackLight Engine/F-secure ***
BlackLight Engine is an F-secure product, for more info: http://www.f-secure.com/blacklight/blacklight_help.html

Hidden file(s) in C:\WINDOWS\system32 :
c:\WINDOWS\system32\tvxtjihz.dat
C:\windows\system32\tvxtjihz.exe
c:\WINDOWS\system32\tvxtjihz_nav.dat
c:\WINDOWS\system32\tvxtjihz_navps.dat

Hidden process(es) in C:\WINDOWS\system32 :
C:\windows\system32\tvxtjihz.exe

*** Searching files ***
C:\WINDOWS\pack.epk found!
C:\WINDOWS\system32\nvs2.inf found!

*** Searching registry keys ***
Searching in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Searching in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Searching Magic Control key
HKEY_CURRENT_USER\Software\Lanconfig found!
HKEY_USERS\S-1-5-21-279688778-3788179749-3088619013-1005\Software\Lanconfig found!

*** Additional search module ***
(Searching specific files)

1)Searching known files:

2)Heuristic search:
* C:\WINDOWS\system32\tvxtjihz.dat found!
** C:\WINDOWS\system32\tvxtjihz.dat found!
***
**** C:\WINDOWS\system32\tvxtjihz_navps.dat found!
*****
******
******* C:\WINDOWS\system32\tvxtjihz.exe found!
******** C:\WINDOWS\system32\tvxtjihz.exe found!

*** Analysis finished on 10/06/2007 at 23:16:32,65 ***

Thanks again, and given the late hour, see you tomorrow
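The Navilog report above flags one pattern that is worth being able to recognise without the tool: a randomly named executable in system32 (tvxtjihz.exe) running as a hidden process, with .dat, _nav.dat and _navps.dat files sharing its base name. The following Python script is an added example written for this page, not Navilog1's own code; it treats that full set of sibling files under an 8-lowercase-letter base name as one indicator. The suffix set and the base-name rule are assumptions modelled on this single report, not Navilog1 signatures, and the directory listing it scans is constructed from the report plus some harmless neighbours.

```python
import re
from collections import defaultdict

# Suffixes that appeared together under one random base name in the report
# (tvxtjihz.exe, .dat, _nav.dat, _navps.dat). Assumption: all four present
# under an 8-lowercase-letter base is the indicator; fewer is not.
NAVI_SUFFIXES = frozenset({".exe", ".dat", "_nav.dat", "_navps.dat"})
RANDOM_BASE = re.compile(r"^[a-z]{8}$")


def win_basename(path: str) -> str:
    """Last path component, accepting both \\ and / separators, lower-cased."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def split_base(name: str):
    """Return (base, suffix) if name ends in one of NAVI_SUFFIXES, else None."""
    name = name.lower()
    # Longest suffix first, so "x_navps.dat" is not read as base "x_navps".
    for suf in sorted(NAVI_SUFFIXES, key=len, reverse=True):
        if name.endswith(suf):
            return name[: -len(suf)], suf
    return None


def find_navipromo_clusters(filenames, hidden_processes=()):
    """Group files by base name; report bases carrying the whole suffix set.

    hidden_processes: paths a rootkit scanner reported as hidden (optional);
    the result notes whether the cluster's .exe is among them.
    """
    groups = defaultdict(set)
    for name in filenames:
        parsed = split_base(win_basename(name))
        if parsed:
            base, suf = parsed
            groups[base].add(suf)
    hidden = {win_basename(p) for p in hidden_processes}
    hits = []
    for base, sufs in sorted(groups.items()):
        if sufs == NAVI_SUFFIXES and RANDOM_BASE.match(base):
            hits.append({
                "base": base,
                "files": sorted(base + s for s in sufs),
                "hidden_process": (base + ".exe") in hidden,
            })
    return hits


# Constructed listing: the four hidden files from the report, some legitimate
# neighbours, and a decoy (abcdefgh) that has only two of the four suffixes.
SAMPLE_SYSTEM32 = [
    r"c:\WINDOWS\system32\tvxtjihz.dat",
    r"C:\windows\system32\tvxtjihz.exe",
    r"c:\WINDOWS\system32\tvxtjihz_nav.dat",
    r"c:\WINDOWS\system32\tvxtjihz_navps.dat",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\system32\perfc009.dat",
    r"C:\WINDOWS\system32\nvs2.inf",
    r"C:\WINDOWS\system32\abcdefgh.exe",
    r"C:\WINDOWS\system32\abcdefgh.dat",
]
SAMPLE_HIDDEN_PROCESSES = [r"C:\windows\system32\tvxtjihz.exe"]

if __name__ == "__main__":
    for hit in find_navipromo_clusters(SAMPLE_SYSTEM32, SAMPLE_HIDDEN_PROCESSES):
        print(hit)
```

On a live machine the listing would come from a scanner that sees through the hiding (the report used BlackLight for that), since a plain directory walk from the infected session may not return the hidden files at all.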
Unwanted pop-up windows opening
Syrius posted a topic in Analyses et éradication malwares
Hello,

I use Firefox 1.5 and for 2 days I have been getting advertising windows, sometimes for antivirus products as it happens, that open unexpectedly. After running Ad-Aware, Spybot and avast, the problem persists. So I am taking the liberty of contacting you for help. Thanking you in advance, I attach the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 21:59:10, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ogame.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O5 "LPT1:" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
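The HijackThis logs in this thread (this one and the one posted after the cleanup) are read by hand in the forum. The Python script below is an added example, not HijackThis code and not the helper's method: it parses the R0/R1/On line format of HijackThis 1.99 and applies a few analyst triage rules to the entries that these logs make visible. The rules are assumptions made for this example: an IE Start Page, Search Bar, SearchAssistant or CustomizeSearch entry whose host is not go.microsoft.com is listed for review (the g.msn.fr Search Page entries in the log are deliberately not covered, since the Windows Live Toolbar explains them), as are entries marked "(no file)" or "(file missing)", unnamed BHOs, and O23 services with "Unknown owner". A flag means "look at this", not "malicious"; the Spybot SDHelper BHO, for instance, also reports "(no name)". The sample lines are copied from the log above.

```python
import re
from urllib.parse import urlparse

# HijackThis 1.99 entry: a section code, " - ", then the entry body.
ENTRY = re.compile(r"^(?P<code>R[0-3]|O\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
URL = re.compile(r"(?:https?|file)://\S+")

# IE settings worth checking, and the only host accepted as the vendor default
# for them. Both choices are this example's assumption, not a HijackThis rule.
REVIEW_KEYS = ("Start Page", "Search Bar", "SearchAssistant", "CustomizeSearch")
DEFAULT_HOSTS = {"go.microsoft.com"}


def parse_entry(line: str):
    """Split one log line into code, body, CLSID (if any) and URL (if any)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header lines, process list, blank lines
    body = m.group("body")
    clsid = CLSID.search(body)
    url = URL.search(body)
    return {
        "code": m.group("code"),
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        "url": url.group(0) if url else None,
    }


def review(entry) -> list:
    """Return the reasons (possibly none) this entry deserves a second look."""
    reasons = []
    code, body, url = entry["code"], entry["body"], entry["url"]
    if code in ("R0", "R1") and url:
        # "HKCU\...\Main,Start Page = http://..." -> setting name "Start Page"
        setting = body.split(" = ", 1)[0].rsplit(",", 1)[-1]
        host = urlparse(url).hostname or ""
        if setting in REVIEW_KEYS and host not in DEFAULT_HOSTS:
            reasons.append(f"IE {setting} points at {host}")
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned entry (file missing)")
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed browser helper object")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service with unknown owner")
    return reasons


def triage(log_text: str) -> list:
    """Run review() over every entry in a HijackThis log; return the findings."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        for reason in review(entry):
            findings.append({"code": entry["code"], "clsid": entry["clsid"],
                             "reason": reason, "body": entry["body"]})
    return findings


# Lines copied from the log posted above (a subset, kept verbatim).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60308
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4} {f['reason']:<45} {f['body'][:70]}")
```

The CLSID is kept in each finding so that a reviewer can correlate the O2/O3/O9 entries with each other (the same GUID appearing as both a BHO and a toolbar, for example) before deciding what to fix.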