tmp0.exe process

Solved/Closed
jc_mar Posts 18 Registration date Sunday 2 March 2008 Status Member Last seen 23 April 2008 - 25 March 2008 at 14:28
jc_mar Posts 18 Registration date Sunday 2 March 2008 Status Member Last seen 23 April 2008 - 23 April 2008 at 22:49
Hello,


In Task Manager I found several processes:
tmp0.exe
tmp1.exe
tmp2.exe ........

After some searching I couldn't find what they correspond to. Can anyone tell me?

Thanks

10 replies

Anonymous user
25 March 2008 at 14:37
Hi,

1/
Download CCleaner (don't install the Yahoo toolbar):
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

Run it; under Cleaner click Run Cleaner, then under Registry have it scan and fix the errors as many times as there are any.

2/
We remove the bulk of it:

Run an online scan with Internet Explorer; if you have Firefox, do:
Start -> Run -> type: iexplore (then confirm)

(tick all the boxes each time):
https://www.eset.com/

When it finishes, paste the report: C:\Program Files\EsetOnlineScanner\log.txt

If you need help, there is a tutorial here: http://bibou0007.com/tutos-et-lexique-f45/tutorial-nod32-online-scanner-t128.htm

3/
Then, once that's done, make a HijackThis report:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Download it, run it and click the first button at the top, "Do a system scan and save a logfile",
then paste the text file here ;).

PS: Don't close the program
Anonymous user
25 March 2008 at 14:47
Run a scan with this anti-rootkit:
Gmer: http://www.gmer.net

Click the arrows tab, then several other tabs will open; once your scan is finished, look at the items in red in the various tabs...

Also post the Gmer report on the forum...

It seems this program belongs to the Dropper.Agent.HHK group and could be a dropper for a rootkit active on your computer!

After that, what you should do...

Download Spybot S&D; it is known to its information database.
Install it, update it, run a scan and fix the problems it finds.
Spybot S&D: https://www.safer-networking.org/download/

Then run a scan with this antivirus:
Dr. Web: https://free.drweb.com/cureit/
(a full scan would be preferable to a quick scan; for that, click the green square when you get the option and choose the full scan!)

Download Hijackthis: http://www.hijackthis.de/fr (top right of the screen)
Run a scan and post the report in your next post, along with the Gmer one.
jc_mar Posts 18 Registration date Sunday 2 March 2008 Status Member Last seen 23 April 2008
25 March 2008 at 15:56
Here is the Gmer report

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-03-25 11:56:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 8A588020 ZwAllocateVirtualMemory
SSDT 8A587240 ZwCreateKey
SSDT 8A5BA8B0 ZwCreateProcess
SSDT 8A5BA838 ZwCreateProcessEx
SSDT 8A502270 ZwCreateThread
SSDT 8A5BA0E8 ZwDeleteKey
SSDT 8A4C52F0 ZwDeleteValueKey
SSDT 8A59B408 ZwQueueApcThread
SSDT 8A5880F8 ZwReadVirtualMemory
SSDT 8A51A0D0 ZwRenameKey
SSDT 8A59B4F8 ZwSetContextThread
SSDT 8A51A058 ZwSetInformationKey
SSDT 8A5038C0 ZwSetInformationProcess
SSDT 8A4D4938 ZwSetInformationThread
SSDT 8A4C5368 ZwSetValueKey
SSDT 8A5022E8 ZwSuspendProcess
SSDT 8A59B480 ZwSuspendThread
SSDT 8A503938 ZwTerminateProcess
SSDT 8A4D49B0 ZwTerminateThread
SSDT 8A588170 ZwWriteVirtualMemory

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA4491978]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA4491AB5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA4491A9F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA44919B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA4491AE1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA44919FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA4491900]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA4491914]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA449198C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA4491B1D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA4491A89]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA4491A73]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA4491B09]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA4491AF5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA4491ACB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA44919CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA44919A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 805040F8 7 Bytes JMP A44919A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577F46 5 Bytes JMP A449197C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0BC4 7 Bytes JMP A44919BC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B19D2 5 Bytes JMP A44919D2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6F98 7 Bytes JMP A4491990 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C9EBA 5 Bytes JMP A4491904 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CA146 5 Bytes JMP A4491918 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 8062038C 7 Bytes JMP A4491A77 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806206DA 5 Bytes JMP A4491AF9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80620C5A 7 Bytes JMP A4491ACF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 806214A0 7 Bytes JMP A4491A8D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622B12 7 Bytes JMP A4491AB9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80622D7C 7 Bytes JMP A4491AA3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 80623668 5 Bytes JMP A44919FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 8062398C 7 Bytes JMP A4491B21 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 80623EB2 5 Bytes JMP A4491B0D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80623FCC 5 Bytes JMP A4491AE5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[492] ntdll.dll!KiUserExceptionDispatcher + 9 7C91EAF5 5 Bytes JMP 00016190 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[492] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000168D0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[492] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00017130 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[492] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 000168D0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[492] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 000170E0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[492] kernel32.dll!VirtualFree 7C809AE4 5 Bytes JMP 00017110 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FD006F
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FD0F7A
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FD0054
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FD0043
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FD0FA8
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FD00A5
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FD0F69
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FD0F1D
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FD0F38
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00FD00D1
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00FD0F97
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00FD0094
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00FD0FB9
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00FD00C0
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 009E002F
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 009E0FA8
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 009E0FDE
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 009E0FC3
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 009E006F
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 009E0054
.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!socket 719F3B91 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E30F83
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E30F9E
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E30FAF
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E3006C
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E30036
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E300B7
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E300A6
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E30F39
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E300D2
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E300E3
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E30051
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E3001B
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E30089
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E30FCA
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E30FDB
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E30F54
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00E2001B
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00E20F94
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00E2000A
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00E20FCA
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00E20047
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00E20FA5
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00E2002C
.text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A60FE5
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A600A8
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A60097
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A60070
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A6005F
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A6003D
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A600FB
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A600D4
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A60131
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A60F98
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A60142
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A6004E
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A600C3
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A60022
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A60011
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A60116
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00A50025
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00A50F8A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00A50FD4
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00A50FAF
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00A50051
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00A50FEF
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00A50036
.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E90000
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E90093
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E90F9E
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E90FAF
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E9006C
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E90FCA
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E90F81
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E900C9
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E900EB
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E90F52
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00E90106
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00E90051
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00E9001B
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00E900AE
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00E90FE5
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00E90036
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00E900DA
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00E80014
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00E80F72
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00E80FC3
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00E80FD4
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00E8002F
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00E80F97
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00E80FA8
.text C:\WINDOWS\system32\svchost.exe[1036] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00E60FE5
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 04EB0000
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 04EB0F97
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 04EB0FA8
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 04EB0082
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 04EB0065
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 04EB0FD4
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 04EB0F5F
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 04EB0F7C
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 04EB0F3A
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 04EB00D3
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 04EB00F8
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 04EB0FB9
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 04EB0FEF
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 04EB00A7
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 04EB0036
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 04EB0025
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 04EB00C2
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 04EA001E
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 04EA0F97
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 04EA0FC3
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 04EA0FDE
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 04EA0FB2
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 04EA004A
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 04EA0FEF
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 04EA0039
.text C:\WINDOWS\System32\svchost.exe[1132] WS2_32.dll!socket 719F3B91 5 Bytes JMP 04E80FEF
.text C:\WINDOWS\System32\svchost.exe[1132] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 04E70FEF
.text C:\WINDOWS\System32\svchost.exe[1132] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 04E70FDE
.text C:\WINDOWS\System32\svchost.exe[1132] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 04E70014
.text C:\WINDOWS\System32\svchost.exe[1132] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 04E70FB9
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00740FE5
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00740084
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00740F8F
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00740FB6
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00740069
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0074003D
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007400D7
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007400C6
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00740F59
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007400F2
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0074010D
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0074004E
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00740000
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 007400A9
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0074002C
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0074001B
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00740F74
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00730040
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00730FA1
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 0073001B
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00730FE5
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00730FB2
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00730FC3
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 0073000A
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00730FD4
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AB00A4
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AB0FAF
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AB0089
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AB006C
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AB0040
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AB00D0
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AB0F94
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AB0106
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AB00F5
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00AB0121
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00AB0051
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00AB000A
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00AB00B5
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00AB002F
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00AB0FDE
.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00AB0F77
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00AA0FAF
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00AA0040
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00AA0FC0
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00AA0F83
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00AA0F94
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00AA001B
.text C:\WINDOWS\system32\svchost.exe[1260] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A90FA5
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A90090
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A90FB6
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A90073
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A9004E
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A900DC
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 7C801EEE 3 Bytes JMP 00A900C1
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA + 4 7C801EF2 1 Byte [ 84 ]
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A90108
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A900F7
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A90F5E
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A90FC7
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A90011
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A90F8A
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A9003D
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A9002C
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A90F79
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00820FAF
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00820F68
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00820FD4
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00820F79
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00820F8A
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 0082001B
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00800FEF
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 007F0FE5
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 007F001B
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 007F002C
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0080
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F81
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A005B
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00B8
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F70
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00D3
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0F1F
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A004A
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A009B
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\system32\dllhost.exe[1620] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F4B
.text C:\WINDOWS\system32\dllhost.exe[1620] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00290040
.text C:\WINDOWS\system32\dllhost.exe[1620] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 0029007D
.text C:\WINDOWS\system32\dllhost.exe[1620] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00290025
.text C:\WINDOWS\system32\dllhost.exe[1620] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\dllhost.exe[1620] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00290062
.text C:\WINDOWS\system32\dllhost.exe[1620] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00290FCA
.text C:\WINDOWS\system32\dllhost.exe[1620] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\dllhost.exe[1620] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00290051
.text C:\WINDOWS\system32\dllhost.exe[1620] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00790000
.text c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe[2548] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe[2548] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F59
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A004E
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A003D
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F80
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F32
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A007A
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0EE1
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0EFC
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A008B
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A002C
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0069
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A000A
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\Explorer.EXE[2740] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F0D
.text C:\WINDOWS\Explorer.EXE[2740] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00280047
.text C:\WINDOWS\Explorer.EXE[2740] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00280084
.text C:\WINDOWS\Explorer.EXE[2740] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00280036
.text C:\WINDOWS\Explorer.EXE[2740] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 0028001B
.text C:\WINDOWS\Explorer.EXE[2740] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00280073
.text C:\WINDOWS\Explorer.EXE[2740] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00280FD1
.text C:\WINDOWS\Explorer.EXE[2740] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00280000
.text C:\WINDOWS\Explorer.EXE[2740] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00280058
.text C:\WINDOWS\Explorer.EXE[2740] WININET.dll!InternetOpenA 4409C8A1 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\Explorer.EXE[2740] WININET.dll!InternetOpenW 4409CED1 5 Bytes JMP 002B0000
.text C:\WINDOWS\Explorer.EXE[2740] WININET.dll!InternetOpenUrlA 440A0BFA 5 Bytes JMP 002B001B
.text C:\WINDOWS\Explorer.EXE[2740] WININET.dll!InternetOpenUrlW 440EAC51 5 Bytes JMP 002B0FC0
.text C:\WINDOWS\Explorer.EXE[2740] WS2_32.dll!socket 719F3B91 5 Bytes JMP 016D0000
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A30F83
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A30F9E
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A30078
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A3005B
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A30F5C
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A300A4
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A300DA
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A300C9
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00A300F5
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00A30FB9
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00A30FE5
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00A30093
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00A3001B
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00A30FCA
.text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00A30F4B
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00A20F83
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00A20036
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00A2001B
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00A20F9E
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00A20FAF
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00A20FD4
.text C:\WINDOWS\system32\svchost.exe[3144] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009A00A7
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009A008C
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009A007B
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009A005E
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009A0039
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009A0F7A
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009A00C2
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009A0F4E
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009A0F5F
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009A010C
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 009A0FBC
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 009A0FDE
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009A0F97
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 009A0FCD
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 009A001E
.text C:\WINDOWS\system32\svchost.exe[3184] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009A00DD
.text C:\WINDOWS\system32\svchost.exe[3184] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00990025
.text C:\WINDOWS\system32\svchost.exe[3184] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00990076
.text C:\WINDOWS\system32\svchost.exe[3184] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00990FD4
.text C:\WINDOWS\system32\svchost.exe[3184] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00990014
.text C:\WINDOWS\system32\svchost.exe[3184] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00990FAF
.text C:\WINDOWS\system32\svchost.exe[3184] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00990051
.text C:\WINDOWS\system32\svchost.exe[3184] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00990FEF
.text C:\WINDOWS\system32\svchost.exe[3184] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00990040
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3512] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ FF, FB, C3, 83 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250000
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00250F4E
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250F5F
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250F8D
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F22
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0025005E
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00250096
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00250EFD
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00250EE2
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00250F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00250FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00250F33
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00250025
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00250FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0025007B
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ADVAPI32.dll!RegOpenKeyExW 77DA6A78 5 Bytes JMP 00330FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ADVAPI32.dll!RegCreateKeyExW 77DA7535 5 Bytes JMP 00330F8A
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ADVAPI32.dll!RegOpenKeyExA 77DA761B 5 Bytes JMP 00330011
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ADVAPI32.dll!RegOpenKeyW 77DA770F 5 Bytes JMP 00330000
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 5 Bytes JMP 00330051
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ADVAPI32.dll!RegCreateKeyW 77DC8F7D 5 Bytes JMP 00330036
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ADVAPI32.dll!RegOpenKeyA 77DCC41B 5 Bytes JMP 00330FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ADVAPI32.dll!RegCreateKeyA 77DCD5BB 5 Bytes JMP 00330FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 445117EF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 44511770 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 445117B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 445116FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 44511736 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 4451182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxIndirectW 7E3
jc_mar
25 March 2008 at 16:42
About the scan with ESET NOD32:
IE crashed after 2 hours of scanning and it did not finish.
jc_mar
25 March 2008 at 16:44
So I went ahead with Charly00's suggestion.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:27, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRAM FILES\ORANGE HSS\LAUNCHER\LAUNCHER.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cscript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Mes documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5070530
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5070530
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5070530
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.cookingluck.com/?pid=6082&v=20
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {1768A0BA-4F4C-4231-B6D3-86E95C8F15B5} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [HerculesCamService] "C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\Orange" HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'IVAN ROSO')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'IVAN ROSO')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'IVAN ROSO')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [eaawnkbbwn] c:\documents and settings\ivan roso\local settings\application data\eaawnkbbwn.exe eaawnkbbwn (User 'IVAN ROSO')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'IVAN ROSO')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: ComponentAlrt - {9a7dcc62-a8be-4b50-81f5-2cf38eba10e9} - C:\WINDOWS\Installer\{9a7dcc62-a8be-4b50-81f5-2cf38eba10e9}\ComponentAlrt.dll
O21 - SSODL: bokpkov - {753AFE03-CB1A-4201-BFB0-EC5BE2BF36C7} - (no file)
O21 - SSODL: altvxvm - {AC6FE870-4D0B-46E4-BC0B-D2AB9E667D5F} - C:\WINDOWS\altvxvm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Anonymous user
25 March 2008 at 18:57
Here is your problem: C:\Program Files\antiviirus.exe
For information: http://www.prevx.com/filenames/680486912869546446-0/ANTIVIIRUS.EXE.html
So the problem may be much more complex...

I know that Dr. Web and AVG have this virus in their databases and can eradicate it...

Tmp0.exe may be a derivative that came along with it... but it is not active for the moment...

By the way, did Gmer find any items in red?


Did you run a scan with Spybot and Dr. Web?


Find the antiviirus.exe process and kill it!

Do a clean-up with CCleaner (see Dorgane's message above).
Then go into the options and change the wipe mode to the Gutmann one, 35 passes!

Clean up everything that is found, as well as the registry...

Run another HijackThis scan when you have finished all that!
0

jc_mar Posts 18 Registration date Sunday 2 March 2008 Status Member Last activity 23 April 2008
25 March 2008 at 19:43
I ran a scan with Spybot; as for Dr. Web, I have a problem with IE, which crashes.
If I try with AVG, which I had already downloaded before, will the result be the same???

And for Gmer there was one process in red, precisely antivirus.exe
0
jc_mar Posts 18 Registration date Sunday 2 March 2008 Status Member Last activity 23 April 2008
25 March 2008 at 20:11
Here is the HijackThis report after cleaning with CCleaner

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:22, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRAM FILES\ORANGE HSS\LAUNCHER\LAUNCHER.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Mes documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5070530
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5070530
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5070530
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://s2.cookingluck.com/?pid=6082&v=20
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {1768A0BA-4F4C-4231-B6D3-86E95C8F15B5} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [HerculesCamService] "C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\Orange" HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [SpybotDeletingA9175] command /c del "C:\Program Files\Spyware-Secure\skin"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9422] cmd /c del "C:\Program Files\Spyware-Secure\skin"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9160] command /c del "C:\Program Files\Spyware-Secure\Spyware-Secure.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9961] cmd /c del "C:\Program Files\Spyware-Secure\Spyware-Secure.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7181] command /c del "C:\Program Files\Spyware-Secure\Spyware-Secure.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5357] cmd /c del "C:\Program Files\Spyware-Secure\Spyware-Secure.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1289] command /c del "C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3899] cmd /c del "C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2998] command /c del "C:\Program Files\Spyware-Secure\sqlite3.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7275] cmd /c del "C:\Program Files\Spyware-Secure\sqlite3.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\RunOnce: [SpybotDeletingB338] command /c del "C:\Documents and Settings\IVAN ROSO\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9520] cmd /c del "C:\Documents and Settings\IVAN ROSO\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB661] command /c del "C:\Program Files\Spyware-Secure\skin"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5102] cmd /c del "C:\Program Files\Spyware-Secure\skin"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4624] command /c del "C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4298] cmd /c del "C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7525] command /c del "C:\Program Files\Spyware-Secure\sqlite3.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5892] cmd /c del "C:\Program Files\Spyware-Secure\sqlite3.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'IVAN ROSO')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'IVAN ROSO')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'IVAN ROSO')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [eaawnkbbwn] c:\documents and settings\ivan roso\local settings\application data\eaawnkbbwn.exe eaawnkbbwn (User 'IVAN ROSO')
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'IVAN ROSO')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: ComponentAlrt - {9a7dcc62-a8be-4b50-81f5-2cf38eba10e9} - C:\WINDOWS\Installer\{9a7dcc62-a8be-4b50-81f5-2cf38eba10e9}\ComponentAlrt.dll
O21 - SSODL: bokpkov - {753AFE03-CB1A-4201-BFB0-EC5BE2BF36C7} - (no file)
O21 - SSODL: altvxvm - {86C712C6-26A7-49E4-84C3-FFFBACE3F38B} - C:\WINDOWS\altvxvm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
0
jc_mar Posts 18 Registration date Sunday 2 March 2008 Status Member Last activity 23 April 2008
25 March 2008 at 20:47
I restarted the computer; afterwards the processes did not start again.
Does the report reveal anything else abnormal?
0
Anonymous user
26 March 2008 at 05:55
Well, to start with, Spybot didn't find anything... since you also seem to be infected by a Websearch infection...???

Anyway, go to this site: https://www.virustotal.com/gui/
And check the integrity of the following files; go to the location indicated^^
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe


Once that is done, judge the results for yourself....
And report on them in your next post...


Run another scan with Gmer since it found items in red, right-click with your mouse, and click kill process (either in the Malware tab, and/or in the Process tab; also check that there are no modules in red while you are at it!)

And to answer your earlier question, yes, AVG can do the same job^^


Now, let's clean up:
Relaunch HijackThis, then run another scan, then tick the following boxes:
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {1768A0BA-4F4C-4231-B6D3-86E95C8F15B5} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\RunOnce: [SpybotDeletingA9175] command /c del "C:\Program Files\Spyware-Secure\skin"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9422] cmd /c del "C:\Program Files\Spyware-Secure\skin"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9160] command /c del "C:\Program Files\Spyware-Secure\Spyware-Secure.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9961] cmd /c del "C:\Program Files\Spyware-Secure\Spyware-Secure.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7181] command /c del "C:\Program Files\Spyware-Secure\Spyware-Secure.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5357] cmd /c del "C:\Program Files\Spyware-Secure\Spyware-Secure.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1289] command /c del "C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3899] cmd /c del "C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2998] command /c del "C:\Program Files\Spyware-Secure\sqlite3.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7275] cmd /c del "C:\Program Files\Spyware-Secure\sqlite3.dll"
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'IVAN ROSO')


O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/

Once all of that is ticked, click on Fix checked items at the bottom of the window.

After that, go to Start Menu / Control Panel / Add or Remove Programs
And find the programs: Websearch and all its derivatives, then uninstall them
Same thing for the Google toolbar.


Then, run a scan with AVG 7.5, having updated it beforehand of course^^
AVG 7.5: http://free.grisoft.com/doc/5390/us/frt/0?prd=aff


Do a cleanup with CCleaner, the registry and the applications!


Then, run another HijackThis scan and post it here!


Prevention now...

Use Firefox instead of IE
http://www.firefox.fr/windows.htm
A very handy password encryptor: https://addons.mozilla.org/fr/firefox/search/?q=keyscrambler&status=4

SpywareBlaster, which prevents several infections of the CoolWebSearch type:
http://www.brightfort.com/spywareblaster.html

A firewall:
https://www.zonealarm.com/software/free-firewall

Well, with that you should be good

I'm waiting for your next report^^
0
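An added example, not part of any post in this thread: a small Python triage script for a HijackThis log like the one posted above. It applies two heuristics that are this example's own assumptions: entries ending in "(no file)" are registry leftovers whose file is missing, and O4 autoruns launched from a per-user data directory deserve a manual check. The findings are leads to verify, for instance on VirusTotal, not verdicts.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-21-3586440638-1803070581-1099217796-1005\..\Run: [eaawnkbbwn] c:\documents and settings\ivan roso\local settings\application data\eaawnkbbwn.exe eaawnkbbwn (User 'IVAN ROSO')
O21 - SSODL: bokpkov - {753AFE03-CB1A-4201-BFB0-EC5BE2BF36C7} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# "R3 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# O4 body: <hive>\..\Run[Once]: [value name] command line (User 'x')
AUTORUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Assumption of this example: per-user, user-writable directories on Windows XP.
USER_DIR_MARKERS = ("\\local settings\\", "\\application data\\", "\\temp\\")


def parse_log(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match["code"], match["body"]))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(entries):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for code, body in entries:
        if body.endswith("(no file)"):
            # The registry entry survives but the file it points to is gone.
            findings.append((code, "orphan", body))
            continue
        if code == "O4":
            match = AUTORUN_RE.match(body)
            if match and any(m in match["cmd"].lower() for m in USER_DIR_MARKERS):
                findings.append((code, "autorun-from-user-profile", match["name"]))
    return findings


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    print(f"{len(procs)} running processes, {len(items)} entries")
    for code, reason, detail in triage(items):
        print(f"[{code}] {reason}: {detail}")
```
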
jc_mar Posts 18 Registration date Sunday 2 March 2008 Status Member Last activity 23 April 2008
27 March 2008 at 12:45
Sorry for the response time.
It's not my own PC; I was at his place on Tuesday, and I'm going to see him to find out when we can do all this.
Thanks for the help.
I'll post the report as soon as possible.

As for security, he uses McAfee Security Center and an anti-spyware program,
and for internet he uses the browser provided by Orange with the Livebox
0
jc_mar Posts 18 Registration date Sunday 2 March 2008 Status Member Last activity 23 April 2008
23 April 2008 at 22:49
I still have no news.
I'm closing the thread.
Thanks for the help.
0