PC crashing / AntiVir disabling itself: virus?
Good evening.
So, I recently got a laptop.
I ran an AntiVir scan and it found 50 viruses.
I have several problems with it: for a start, when I try to shut it down, it doesn't shut down. It crashes often.
And AntiVir disabled itself. I can't re-enable it any more.
So I'd like to know whether it's a virus and, if so, remove it. Otherwise I'll have to reformat.
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:12, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ddf\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 1767311484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 1767493187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 7014 bytes
Thanks.
Hello,
Do you have the scan report?
Reply to Angeldark
No, sorry.
But I can't re-enable AntiVir any more.
And as for the viruses, they were because of the previous owner's cracks, which I deleted.
Do you see anything in the report?
Reply to djej68
Apparently clean.
Download Gmer.
Unzip it into a folder or onto your desktop.
Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click the Rootkit tab.
On the right, check Files and Services.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad, then click Edit / Paste in the menu.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
Reply to Angeldark
So when the scan finishes, it shows me this:
http://hiboox.com/lang-fr/image.php?img=al4j7mse.jpg
Then when I click Copy and paste it into Notepad, there's nothing.
Reply to djej68
I just tried with everything checked. It worked.
Here is the report:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-11 19:44:51
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT F8B6F2B4 ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT F8B6F2A0 ZwOpenProcess
SSDT F8B6F2A5 ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT F8B6F2AF ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
SSDT F8B6F2AA ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.13 ----
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD8029.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
PAGENDSM NDIS.sys!NdisMIndicateStatus F814FA5F 3 Bytes [ FF, 25, B0 ]
PAGENDSM NDIS.sys!NdisMIndicateStatus + 4 F814FA63 2 Bytes [ EB, AA ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
---- User code sections - GMER 1.0.13 ----
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\WINDOWS\System32\igfxtray.exe[456] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\WINDOWS\System32\igfxtray.exe[456] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001407AC
.text C:\WINDOWS\System32\igfxtray.exe[456] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00140720
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\WINDOWS\System32\hkcmd.exe[464] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\WINDOWS\System32\hkcmd.exe[464] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001407AC
.text C:\WINDOWS\System32\hkcmd.exe[464] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00140720
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001407AC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[472] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00140720
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001407AC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[480] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00140720
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\WINDOWS\System32\WLTRAY.exe[488] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\WINDOWS\System32\WLTRAY.exe[488] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001407AC
.text C:\WINDOWS\System32\WLTRAY.exe[488] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00140720
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Atheros\ACU.exe[496] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Atheros\ACU.exe[496] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001407AC
.text C:\Program Files\Atheros\ACU.exe[496] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00140720
.text C:\Program Files\Atheros\ACU.exe[496] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001408C4
.text C:\Program Files\Atheros\ACU.exe[496] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00140838
.text C:\Program Files\Atheros\ACU.exe[496] WS2_32.dll!connect 719F406A 5 Bytes JMP 00140950
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001407AC
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00140720
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] WININET.dll!InternetConnectA 77AB44DB 5 Bytes JMP 00140F54
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00140D24
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00140E3C
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] WININET.dll!InternetConnectW 77AC5D4C 5 Bytes JMP 00140FE0
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00140DB0
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[532] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00140EC8
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[552] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[552] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[552] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00080720
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 000803D8
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0008034C
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00080464
.text C:\Program Files\Messenger\msmsgs.exe[612] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00080608
.text C:\Program Files\Messenger\msmsgs.exe[612] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 000807AC
.text C:\Program Files\Messenger\msmsgs.exe[612] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00080720
.text C:\Program Files\Messenger\msmsgs.exe[612] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4
.text C:\Program Files\Messenger\msmsgs.exe[612] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838
.text C:\Program Files\Messenger\msmsgs.exe[612] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950
.text C:\Program Files\Messenger\msmsgs.exe[612] WININET.dll!InternetConnectA 77AB44DB 5 Bytes JMP 00080F54
.text C:\Program Files\Messenger\msmsgs.exe[612] WININET.dll!InternetOpenA 77AB6D2A 5 Bytes JMP 00080D24
.text C:\Program Files\Messenger\msmsgs.exe[612] WININET.dll!InternetOpenUrlA 77AB6FDD 5 Bytes JMP 00080E3C
.text C:\Program Files\Messenger\msmsgs.exe[612] WININET.dll!InternetConnectW 77AC5D4C 5 Bytes JMP 00080FE0
.text C:\Program Files\Messenger\msmsgs.exe[612] WININET.dll!InternetOpenW 77AC6CF3 5 Bytes JMP 00080DB0
.text C:\Program Files\Messenger\msmsgs.exe[612] WININET.dll!InternetOpenUrlW 77AC7304 5 Bytes JMP 00080EC8
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00140004
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0014011C
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 001404F0
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0014057C
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 001403D8
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!CreateProcessInternalA 7C81DA9E 5 Bytes JMP 0014034C
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00140464
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] kernel32.dll!SetThreadContext 7C862849 5 Bytes JMP 00140608
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] USER32.dll!SetWindowsHookExW 77D3E621 5 Bytes JMP 001407AC
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] USER32.dll!SetWindowsHookExA 77D402B2 5 Bytes JMP 00140720
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001408C4
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00140838
.text C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe[692] WS2_32.dll!connect 719F406A 5 Bytes JMP 00140950
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!VirtualAlloc 7C809A81 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!VirtualAllocEx 7C809AA2 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!CreateThread 7C81082F 5 Bytes JMP 0008057C
Reply to djej68
Nothing. Can you run an AntiVir scan again?
Reply to Angeldark
AntiVir, when I try to update it before the scan:
http://hiboox.com/lang-fr/image.php?img=c95pwyww.jpg
It crashes.
When I try to run a scan it says "License file is avaible,but no valide license"
I tried uninstalling and reinstalling it, it's the same.
Yet I installed it not long ago.
Reply to djej68
Strange...
- Download combofix.exe (by sUBs) to your Desktop.
- Double-click combofix.exe.
- Press the 1 key (Yes) to start the scan.
- When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Reply to Angeldark
Strange, you said it. I still have damaged files, and to shut down the PC I have to turn it off with the power button, otherwise it doesn't work.
Here is the report:
ComboFix 07-11-08.1 - ddf 2007-11-11 20:02:33.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.266 [GMT 1:00]
Running from: C:\Documents and Settings\ddf\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
.
2007-10-30 21:22 <REP> d--hs---- C:\FOUND.015
2007-10-29 03:49 <REP> d-------- C:\Documents and Settings\ddf\Application Data\LogoMaker
2007-10-29 03:20 <REP> d-------- C:\Program Files\Sunbelt Software
2007-10-27 22:59 <REP> d-------- C:\Program Files\Opera
2007-10-24 12:28 <REP> d-------- C:\Program Files\Google
2007-10-24 00:29 <REP> d-------- C:\Program Files\Avira
2007-10-24 00:29 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2007-10-23 20:48 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-10-23 20:48 <REP> d-------- C:\Documents and Settings\ddf\Application Data\teamspeak2
2007-10-20 17:39 <REP> d--hs---- C:\FOUND.014
2007-10-15 12:39 <REP> d--hs---- C:\FOUND.013
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 11:34 1,444 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-09 17:54 --------- d-----w C:\Documents and Settings\ddf\Application Data\X-Chat 2
2007-10-09 17:53 --------- d-----w C:\Program Files\xchat
2007-10-07 21:44 --------- d-----w C:\Program Files\Winamp
2007-10-05 12:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-05 11:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2007-10-03 13:48 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-09-29 20:45 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-09-29 20:45 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-29 20:45 --------- d-----w C:\Documents and Settings\ddf\Application Data\TuneUp Software
2007-09-29 20:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2007-09-29 12:18 --------- d-----w C:\Program Files\Vista Sidebar
2007-09-29 12:18 --------- d-----w C:\Documents and Settings\ddf\Application Data\Stardock
2007-09-28 23:36 --------- d-----w C:\Program Files\Valve
2007-09-28 19:21 --------- d-----w C:\Program Files\BitComet
2007-09-26 20:34 --------- d-----w C:\Program Files\Web Media Player
2007-09-26 16:49 --------- d-----w C:\Program Files\adslTV
2007-09-26 16:49 --------- d-----w C:\Documents and Settings\ddf\Application Data\vlc
2007-09-26 16:18 --------- d-----w C:\Program Files\Skype
2007-09-26 16:18 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-09-26 16:18 --------- d-----w C:\Documents and Settings\ddf\Application Data\Skype
2007-09-26 16:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2007-09-25 19:59 --------- d-----w C:\Program Files\Lavalys
2007-09-25 14:42 --------- d-----w C:\Program Files\eChanblard
2007-09-25 14:26 --------- d-----w C:\Program Files\eMule
2007-09-24 19:53 --------- d-----w C:\Program Files\Java
2007-09-24 19:52 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-24 15:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2007-09-24 15:08 --------- d-----w C:\Program Files\Yahoo!
2007-09-24 15:08 --------- d-----w C:\Program Files\CCleaner
2007-09-24 14:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-09-24 14:52 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd8029.sys
2007-09-24 11:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic
2007-09-23 19:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2007-09-23 19:27 --------- d-----w C:\Program Files\Windows Live
2007-09-23 19:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-09-20 16:45 --------- d-----w C:\Program Files\Free
2007-09-15 20:54 --------- d-----w C:\Documents and Settings\ddf\Application Data\U3
2007-05-16 20:35 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-01-23 11:36]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-01-23 11:31]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 12:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 12:11]
"Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY" []
"ACU"="C:\Program Files\Atheros\ACU.exe" [2005-01-31 08:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 11:45]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10]
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2005-05-31 14:29:16]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"C:\Program Files\BitComet\BitComet.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - GMER
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-09 16:38:20 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 20:06:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-11 20:08:37
C:\ComboFix-quarantined-files.txt ... 2007-09-26 21:12
C:\ComboFix2.txt ... 2007-09-26 21:12
.
--- E O F ---
Reply to djej68
Can you uninstall Kerio to see?
Reply to Angeldark
Better?
Reply to Angeldark
Well, it's the same.
Still just as hard to shut down the PC, still damaged files, etc.
But there is a small improvement
Reply to djej68
Do you have the Windows CD?
Reply to Angeldark
And also, when I open a folder, this one for example, it shows me this:
http://hiboox.com/lang-fr/image.php?img=nisjpqhl.jpg
Then "End Now" shows up.
Reply to djej68
I asked a question
Have you tried uninstalling your graphics pack?
Reply to Angeldark
I answered
.
Otherwise, for the graphics pack, how do I uninstall it, since it is built in?
Reply to djej68
Ah
Have you tried the repair with the Windows CD?
Reply to Angeldark
No.
But is it certain that all this isn't caused by a virus?
Reply to djej68
Yes.
Reply to Angeldark
OK.
Well, I'm going to reformat the PC.
Thanks
Reply to djej68
Too bad.
Reply to Angeldark
Well, there are far too many problems.
I can't even access some folders!
I can't shut it down anymore.
It crashes often
I still have damaged folders.
The previous owner did all sorts of nonsense with it.
On my desktop PC I have no problem with any of this.
Anyway, it's not yet certain that I'll format.
Reply to djej68
No, but no worries
Reply to Angeldark
Well, apart from formatting I don't see anything
Reply to Angeldark
OK.
Well, I'll burn the data I need and format.
Thanks for your help.
Reply to djej68
Good luck.
Reply to Angeldark
Hi,
My idiot of a brother accepted a virus from MSN :s.
So now all my contacts receive an archive and it's annoying.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:05:04, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\ddf\Bureau\dossier\sécurité\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccSvcHst.exe] C:\WINDOWS\ccSvcHst.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 1767311484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 1767493187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 8319 bytes
Thanks
Reply to djej68
Re
Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your desktop (right-click / Extract All).
Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
In that case, simply restart the computer manually.
Post the report located in the MSNFix folder.
The name of the report corresponds to the moment it was created: date_heure.log
Reply to Angeldark
I did all of it, it did detect an infection, I restarted but I can't find the report.
I checked in the MSNFix folder but it isn't there.
Thanks
Reply to djej68
I just got this message at the bottom right:
http://hiboox.com/lang-fr/image.php?img=lfxstc8z.jpg
Reply to djej68
Post a HijackThis report again.
Reply to Angeldark
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:37:39, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\ddf\Bureau\dossier\sécurité\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccSvcHst.exe] C:\WINDOWS\ccSvcHst.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 1767311484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 1767493187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 8188 bytes
Reply to djej68
Use the new version of HijackThis.
Reply to Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:58:14, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\ddf\Bureau\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccSvcHst.exe] C:\WINDOWS\ccSvcHst.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 1767311484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 1767493187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 6777 bytes
Reply to djej68
Re,
Fix the line in the box below with HijackThis: HELP IN PICTURES
O4 - HKLM\..\Run: [ccSvcHst.exe] C:\WINDOWS\ccSvcHst.exe
Reply to Angeldark
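Comparing the O4 autostart lines of the 18/11/2007 and 19/11/2007 reports above shows which entries disappeared after the MSNFix run and which entry sitting directly in the Windows directory remained, the one the reply above asks to fix. This is an added example, not part of the thread; the function names and the "executable directly in C:\WINDOWS" review heuristic are assumptions, and the heuristic only picks candidates for a closer look.

```python
import re
from ntpath import dirname, normcase  # Windows path rules, usable on any OS

# O4 lines excerpted from the 18/11/2007 and 19/11/2007 reports in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ccSvcHst.exe] C:\WINDOWS\ccSvcHst.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: BTTray.lnk = ?
"""
AFTER = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ccSvcHst.exe] C:\WINDOWS\ccSvcHst.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: BTTray.lnk = ?
"""

# "O4 - <hive>\..\Run: [value name] command line"; startup-folder lines do not match.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
USER_SUFFIX = re.compile(r" \(User '[^']*'\)$")
EXECUTABLE = re.compile(r".+?\.(?:exe|com|bat|cmd|scr|pif)\b", re.IGNORECASE)


def parse_o4(log):
    """Map (hive, key, value name) -> command line for every registry Run entry."""
    entries = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return entries


def image_path(cmd):
    """Best-effort executable path: quoted path, else text up to the first extension."""
    cmd = USER_SUFFIX.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXECUTABLE.match(cmd)
    return m.group(0) if m else cmd  # no known extension: keep the whole string


def diff_autostart(before, after):
    """Return (removed, added, changed, kept) between two reports."""
    b, a = parse_o4(before), parse_o4(after)
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = sorted(k for k in b if k in a and b[k] != a[k])
    kept = {k: a[k] for k in a if k in b}
    return removed, added, changed, kept


def loose_in_windir(entries, windir=r"C:\WINDOWS"):
    """Assumed triage heuristic: value names whose executable sits directly in windir."""
    return sorted(name for (_, _, name), cmd in entries.items()
                  if normcase(dirname(image_path(cmd))) == normcase(windir))


if __name__ == "__main__":
    removed, added, changed, kept = diff_autostart(BEFORE, AFTER)
    print("removed:", removed)
    print("added:  ", added)
    print("changed:", changed)
    print("still present, directly in C:\\WINDOWS:", loose_in_windir(kept))
```
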
Post a HijackThis report again.
Reply to Angeldark
I no longer have internet access on the laptop :s.
So I can't post the report...
Reply to djej68
Is that normal or not?
Reply to Angeldark
Well, no, it isn't :s.
And when I launch Opera or Firefox it tells me to choose a connection, carlton something, I don't remember exactly.
I tried to open Google, so I launched my browser's home page, but even after waiting 10 minutes it doesn't load...
Reply to djej68
Did you rerun MSNFix?
Reply to Angeldark
Can you do it?
Reply to Angeldark
Hi.
Sorry for the delay.
So I reran it and chose disinfection.
What do I do now?
Thanks.
Reply to djej68
I just restarted; MSNFix launched and Windows showed file not found, etc.
Everything stopped and I got the MSNFix log below:
MSNFix 1.586
C:\Documents and Settings\ddf\Bureau\dossier\sécurité\MSNFix
Fix exécuté le 25/11/2007 - 16:27:15,04 By ddf
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\ALLUSE~1.WIN\MENUDÉ~1\carlton
... C:\p6g7j3w2g3f5.exe
... C:\WINDOWS\ccSvcHst.exe
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Dance_dec_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\Dance_dec_jpg.zip is INFECTED
************************ Recherche les dossiers présents
... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\Temporary\
... C:\PROGRA~1\WinAble\
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\ALLUSE~1.WIN\MENUDÉ~1\carlton
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
/!\ ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\p6g7j3w2g3f5.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
************************ Suppression des dossiers
/!\ ... C:\Program Files\Fichiers communs\Carlson\
/!\ ... C:\PROGRA~1\Temporary\
/!\ ... C:\PROGRA~1\WinAble\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\system32\microsoft\backup.ftp
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 25112007_16531723.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
And I no longer have the carlton thing and I can get on the internet.
What do I do now?
Reply to djej68
Normally that's it.
Reply to Angeldark
