Bibou le forum
[Closed] Infected with DR/Delphi.Gen

2 participants

Author: bbn (bibounet)
Male | Posts: 12 | Age: 70 | Location: 33 | Registered: 27/01/2010

Subject: [Closed] Infected with DR/Delphi.Gen    Wed 27 Jan 2010 - 13:45

Hello,

For a few days now, probably following an unfortunate download, my PC has caught the virus "DR/Delphi.Gen".
It is detected by Antivir, which sporadically opens a warning window.
A windows\temp folder has been created, with empty folders of the form "iyrb.tmp" inside it (a different name each time).

I did try to disinfect it by my own means (Malwarebytes' Anti-Malware), but nothing works.

Before I get the urge to format everything, would there be an effective way to eradicate this pest, which I think has also disabled System Restore!!

Thanks in advance!

bbn

Note: here are the reports requested in "Procedure to follow before posting".

Malwarebytes' Anti-Malware 1.44
Database version: 3644
Windows 5.1.2600 Service Pack 3, v.5657
Internet Explorer 7.0.5730.13

27/01/2010 12:08:04
mbam-log-2010-01-27 (12-08-04).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 166754
Time elapsed: 15 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------

info.txt logfile of random's system information tool 1.06 2010-01-27 12:31:46

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AC3Filter 1.63b-->"C:\Program Files\AC3Filter\unins000.exe"
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Agnitum Outpost Firewall Pro-->"C:\Program Files\Agnitum\Outpost Firewall Pro\unins000.exe"
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\SETUP.EXE" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly
Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Core Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Core Center\Uninst.isu"
Deezer Desktop-->msiexec /qb /x {A0CAFD1C-3A82-531C-B123-F122E19EDCD4}
Deezer Desktop-->MsiExec.exe /I{A0CAFD1C-3A82-531C-B123-F122E19EDCD4}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyBarcodelabel-->"C:\Program Files\EasybarcodelabelSha\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
encodeur Real Video Producer-->C:\Program Files\Ripp-it_AM\PRODUCER_Uninstal.exe
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Event Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x40c -u
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Ext2IFS 1.11 XP-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 130 Ext2Ifs_for_NT501.inf
FileZilla Client 3.2.8.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GrabIt 1.7.2 Beta 4 (build 997)-->"C:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"C:\HiJackThis\HijackThis.exe" /uninstall
Img2Ozf Version 3-->"c:\OziExplorer\unins001.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
IrfanView-->"C:\Program Files\IrfanView\Désinstaller.exe"
IZArc 3.81-->"C:\Program Files\IZArc\uninstall.exe"
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Micro Application - 38 Dictionnaires et Recueils de Correspondance-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}\setup.exe" -l0x40c -uninst
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook 2002-->MsiExec.exe /I{911A040C-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MKVtoolnix 2.9.8-->C:\Program Files\MKVtoolnix\uninst.exe
Mobipocket Reader 6.2-->MsiExec.exe /I{342126E1-173C-4585-BFBE-3EBDD20E3E9E}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Ultra Edition-->MsiExec.exe /I{11DACFE7-DD42-4630-AB6C-47DE04BD1036}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
OziExplorer 3.95-->"c:\OziExplorer\unins000.exe"
OziExplorer Name Search Utility-->"c:\OziExplorer\Name Search\unins000.exe"
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
PerfV350 Guide d'utilisation-->C:\Program Files\EPSON\TPMANUAL\PerfV350\USE_G\DOCUNINS.EXE
Programme de gestion Camera de Logitech®️-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
RAR Password Cracker 4.12-->C:\Program Files\RAR Password Cracker\uninstall.exe
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
Ripp-It Codec Pack v 4.2.7-->C:\Program Files\Ripp-It Codec Pack\uninst.exe
Samsung ML-1710 Series-->C:\WINDOWS\Samsung\ML1710\Setup.exe /l40c
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™️ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sumatra PDF Reader-->"C:\Program Files\SumatraPDF\Désinstaller.exe"
Taskix-->"C:\Program Files\Taskix\Désinstaller.exe"
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VirtuaWin-->"C:\Program Files\VirtuaWin\Désinstaller.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Trust Anti-Pub-->"C:\WINDOWS\System32\Drivers\Etc\UnHosts.exe"
Windows Trust Core Codecs-->"C:\WINDOWS\System32\UnWTCC.exe"
Windows Trust Installer-->"C:\Program Files\WTInstaller\Désinstaller.exe"
WinRAR-->"C:\Program Files\WinRAR\uninstall.exe"
WinRoll-->"C:\Program Files\WinRoll\Désinstaller.exe"
XtremSplit-->"C:\Program Files\XtremSplit\Désinstaller.exe"
Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

======Hosts File======

127.0.0.1 view.atdmt.com
127.0.0.1 rad.live.com 127.0.0.1 rad.live.com

Securitycenter WMI appears to be broken

======System event log======

Computer Name: COUACCOU-05A2E2
Event Code: 7036
Message: The WMI Performance Adapter service entered the running state.

Record Number: 4818
Source Name: Service Control Manager
Time Written: 20091228145822.000000+060
Event Type: Information
User:

Computer Name: COUACCOU-05A2E2
Event Code: 7035
Message: The WMI Performance Adapter service was successfully sent a start control.

Record Number: 4817
Source Name: Service Control Manager
Time Written: 20091228145822.000000+060
Event Type: Information
User: COUACCOU-05A2E2\Administrateur

Computer Name: COUACCOU-05A2E2
Event Code: 7036
Message: The WMI Performance Adapter service entered the stopped state.

Record Number: 4816
Source Name: Service Control Manager
Time Written: 20091228090429.000000+060
Event Type: Information
User:

Computer Name: COUACCOU-05A2E2
Event Code: 7035
Message: The RushTopDevice service was successfully sent a start control.

Record Number: 4815
Source Name: Service Control Manager
Time Written: 20091228090429.000000+060
Event Type: Information
User: COUACCOU-05A2E2\Administrateur

Computer Name: COUACCOU-05A2E2
Event Code: 7035
Message: The NVR0Dev service was successfully sent a start control.

Record Number: 4814
Source Name: Service Control Manager
Time Written: 20091228090429.000000+060
Event Type: Information
User: COUACCOU-05A2E2\Administrateur

=====Application event log=====

Computer Name: COUACCOU-05A2E2
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values
assigned to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20091002213925.000000+120
Event Type: Information
User:

Computer Name: COUACCOU-05A2E2
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values
assigned to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20091002213917.000000+120
Event Type: Information
User:

Computer Name: COUACCOU-05A2E2
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values
assigned to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20091002213828.000000+120
Event Type: Information
User:

Computer Name: COUACCOU-05A2E2
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values
assigned to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20091002213759.000000+120
Event Type: Information
User:

Computer Name: COUACCOU-05A2E2
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values
assigned to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20091002213745.000000+120
Event Type: Information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"SysDir"=C:\WINDOWS\system32
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2010-01-27 12:31:15
Microsoft Windows XP Professional Service Pack 3, v.5657
System drive C: has 138 GB (69%) free of 200 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:43, on 27/01/2010
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Taskix\Taskix32.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\HiJackThis\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start
O4 - HKLM\..\Run: [VirtuaWin] C:\Program Files\VirtuaWin\VirtuaWin.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service Google Update (gupdate1ca914f4a3df9e0) (gupdate1ca914f4a3df9e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 6816 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Taskix"=C:\Program Files\Taskix\Taskix32.exe [2008-04-02 124416]
"VirtuaWin"=C:\Program Files\VirtuaWin\VirtuaWin.exe [2008-04-24 116224]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2008-07-15 1153352]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2008-07-15 435528]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2006-07-25 1043968]
"EEventManager"=C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2006-10-12 102400]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO38]
C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe [2006-05-08 252416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\agnitum\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95
"NoDesktopCleanupWizard"=1
"NoInstrumentation"=1
"NoResolveSearch"=1
"NoResolveTrack"=1
"NoSMBalloonTip"=1
"NoSMConfigurePrograms"=1
"NoStartMenuMFUprogramsList"=1
"NoStrCmpLogical"=0
"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideRunAsVerb"=
"NoActiveDesktop"=
"NoDriveTypeAutoRun"=
"NoInstrumentation"=
"NoResolveTrack"=
"NoStartMenuMFUprogramsList"=
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======File associations======

.reg - edit -
.reg - open -

======List of files/folders created in the last 1 months======

2010-01-24 08:55:16 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-24 08:55:16 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-24 08:55:16 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-24 08:55:12 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-01-22 23:00:29 ----D---- C:\rsit
2010-01-22 22:40:20 ----D---- C:\HiJackThis
2010-01-17 10:14:25 ----D---- C:\Program Files\EA GAMES
2010-01-14 18:43:52 ----D---- C:\WINDOWS\system32\AGEIA
2010-01-14 18:43:52 ----D---- C:\Program Files\AGEIA Technologies
2010-01-14 18:42:01 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2010-01-12 16:33:28 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2010-01-12 15:42:47 ----D---- C:\Program Files\Aspyr
2010-01-10 15:11:50 ----D---- C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX
2010-01-10 14:46:02 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-01-10 14:46:02 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-01-09 23:31:03 ----D---- C:\Program Files\AC3Filter
2010-01-09 23:28:00 ----D---- C:\TMPGEnc
2010-01-09 23:19:04 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-09 19:22:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\DivX
2010-01-09 18:21:14 ----D---- C:\Program Files\MKVtoolnix
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-01-09 18:15:48 ----N---- C:\WINDOWS\system32\px.dll
2010-01-09 18:15:02 ----D---- C:\Program Files\Google
2010-01-09 18:15:01 ----D---- C:\Program Files\Fichiers communs\DivX Shared
2010-01-09 18:15:01 ----D---- C:\Program Files\DivX
2010-01-09 18:13:50 ----D---- C:\Program Files\Ripp-It Codec Pack
2010-01-09 18:13:13 ----D---- C:\Program Files\AviSynth 2.5
2010-01-09 18:12:17 ----D---- C:\Program Files\Ripp-it_AM
2009-12-29 11:23:07 ----D---- C:\Program Files\EasybarcodelabelSha

======List of files/folders modified in the last 1 months======

2010-01-27 12:25:00 ----D---- C:\WINDOWS\Temp
2010-01-27 12:08:23 ----D---- C:\Program Files\Mozilla Firefox
2010-01-27 10:34:39 ----D---- C:\WINDOWS\Prefetch
2010-01-27 10:33:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-27 10:31:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-27 10:04:53 ----D---- C:\WINDOWS\system32\Filt
2010-01-27 09:40:06 ----D---- C:\WINDOWS
2010-01-27 09:30:46 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-27 08:46:33 ----D---- C:\Documents and Settings\Administrateur\Application Data\GrabIt
2010-01-26 22:49:35 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2010-01-24 11:04:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-24 09:16:14 ----D---- C:\WINDOWS\system32
2010-01-24 08:55:16 ----D---- C:\WINDOWS\inf
2010-01-24 08:55:13 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-24 08:55:11 ----D---- C:\WINDOWS\Help
2010-01-23 09:40:52 ----D---- C:\Program Files
2010-01-23 08:53:44 ----D---- C:\WINDOWS\system32\drivers
2010-01-20 11:45:57 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2010-01-17 10:19:13 ----RSD---- C:\WINDOWS\assembly
2010-01-17 10:19:13 ----D---- C:\WINDOWS\system32\DirectX
2010-01-17 10:14:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-14 18:44:00 ----SHD---- C:\WINDOWS\Installer
2010-01-14 18:42:01 ----D---- C:\Program Files\Fichiers communs
2010-01-12 10:55:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype
2010-01-12 10:54:14 ----D---- C:\Documents and Settings\Administrateur\Application Data\skypePM
2010-01-10 15:08:18 ----D---- C:\Program Files\Canon
2010-01-10 14:51:29 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-09 18:26:38 ----SD---- C:\WINDOWS\Tasks
2009-12-29 10:48:06 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-01-20 179584]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2007-12-29 49536]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2006-07-25 31488]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2006-07-25 33792]
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-07-11 673920]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-10-05 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-15 56816]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2008-06-30 30864]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2008-06-30 234640]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-10-19 60800]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-10-19 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\Core Center\NTGLM7X.sys []
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2006-07-25 102912]
S3 a598n217;a598n217; C:\WINDOWS\system32\drivers\a598n217.sys []
S3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-07-11 33408]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-10-19 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-10-19 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-07-15 1238344]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-10-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-10-05 185089]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2006-07-25 849408]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-06 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
S2 gupdate1ca914f4a3df9e0;Service Google Update (gupdate1ca914f4a3df9e0); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-09 133104]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2008-10-19 918016]

-----------------EOF-----------------


bbn
bibounet

Male
Number of messages: 12
Age: 70
Location: 33
Registration date: 27/01/2010

Subject: Re: [Closed] Infected by DR/Delphi.Gen   Wed 27 Jan 2010 - 13:47

I'm posting the GMER report as a follow-up because the message was too long :D


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 13:14:31
Windows 5.1.2600 Service Pack 3, v.5657
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aggcrfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xA71D2B4A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xA71B2C16]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xA71D514E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xA71AADA2]
SSDT BAFF9BD6 ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xA71CA646]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xA71CB15E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xA71A92FE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xA71BB682]
SSDT BAFF9BCC ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xA71B9F26]
SSDT BAFF9BDB ZwDeleteKey
SSDT BAFF9BE5 ZwDeleteValueKey
SSDT spct.sys ZwEnumerateKey [0xBA6C5CA4]
SSDT spct.sys ZwEnumerateValueKey [0xBA6C6032]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xA71C7666]
SSDT BAFF9BEA ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xA71BAD86]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xA71B10CF]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xA71BD154]
SSDT BAFF9BB8 ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xA71A9D5E]
SSDT BAFF9BBD ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xA71D4342]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xA71B3C8D]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xA71BEB82]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xA71BF65E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xA71D1D92]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xA71C469E]
SSDT BAFF9BF4 ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xA71D7636]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xA71D7C1A]
SSDT BAFF9BEF ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xA71C26CA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xA71C3112]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xA71D5E36]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xA71D11B6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xA71B5BDE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xA71C69C2]
SSDT BAFF9BE0 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xA71CFEE6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xA71D080E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xA71D881A]
SSDT BAFF9BC7 ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xA71CF386]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xA71C823E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xA71D35E6]

INT 0x62 ? 89DE8BF8
INT 0x63 ? 89E54BF8
INT 0x73 ? 89E54BF8
INT 0xB4 ? 89B4DBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [E6, FE, 1C, A7, 0E, 08, 1D, ...] {OUT 0xfe, AL; SBB AL, 0xa7; PUSH CS; OR [0x1d881aa7], BL; CMPSD }
? spct.sys Le fichier spécifié est introuvable. !
.rsrc C:\WINDOWS\system32\drivers\nvata.sys entry point in ".rsrc" section [0xBA5EECA4]
.text USBPORT.SYS!DllUnload B9B428AC 5 Bytes JMP 89B4D1D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95B7360, 0x24BB1D, 0xE8000020]
.text a598n217.SYS B26F8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a598n217.SYS B26F83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a598n217.SYS B26F83C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a598n217.SYS B26F83C9 1 Byte [2E]
.text a598n217.SYS B26F83C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[348] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[348] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[348] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[348] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[348] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[488] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[488] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[488] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[488] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[488] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[528] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[528] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[528] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[528] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[528] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[612] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[612] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[612] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[612] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[612] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[736] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[736] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[736] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[736] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[736] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[788] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[788] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[788] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[788] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[788] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[944] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[944] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[944] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[944] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[944] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[996] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[996] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[996] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[996] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[996] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[1004] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[1004] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[1004] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[1004] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[1004] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1016] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009CB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1016] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009CB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1016] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009CB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1016] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009CB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1016] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 009CB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1180] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1180] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1180] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1180] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1180] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1280] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1280] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1280] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1280] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1280] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1324] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1324] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1324] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1324] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1324] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1364] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1364] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1364] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1364] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1364] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1460] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1672] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 0097000A
.text C:\Program Files\Logitech\Video\LogiTray.exe[1720] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00AAB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1720] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00AAB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1720] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00AAB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1720] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00AAB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1720] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00AAB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1804] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[1940] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 0104B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[1940] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0104B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[1940] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0104B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[1940] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 0104B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[1940] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 0104B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\taskmgr.exe[2204] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\taskmgr.exe[2204] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\taskmgr.exe[2204] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\taskmgr.exe[2204] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\taskmgr.exe[2204] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2276] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2276] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2276] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2276] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2276] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[2680] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[2680] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[2680] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[2680] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[2680] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[3204] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[3204] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[3204] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[3204] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[3204] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spct.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] spct.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] spct.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] spct.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spct.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B7E9C] spct.sys
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\a598n217.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a598n217.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89E531F8

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \FileSystem\Fastfat \FatCdrom 885ED1F8
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\usbohci \Device\USBPDO-0 89B431F8
Device \Driver\usbehci \Device\USBPDO-1 89B37500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E551F8
Device \Driver\dmio \Device\DmControl\DmConfig 89E551F8
Device \Driver\dmio \Device\DmControl\DmPnP 89E551F8
Device \Driver\dmio \Device\DmControl\DmInfo 89E551F8
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 89DE91F8
Device \Driver\nvata \Device\00000071 89E541F8
Device \Driver\Cdrom \Device\CdRom0 89AF61F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89DE91F8
Device \Driver\Cdrom \Device\CdRom1 89AF61F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89DE91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [BA5FAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [BA5FAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BA5FAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 89AF61F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89A76500
Device \Driver\PCI_PNP4822 \Device\0000004a spct.sys
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{CDC42002-7DF2-44AF-B2A3-94EA49C4BEC8} 89A76500
Device \Driver\usbohci \Device\USBFDO-0 89B431F8
Device \Driver\nvata \Device\NvAta0 89E541F8
Device \Driver\USBSTOR \Device\0000007a 89BA9500
Device \Driver\usbehci \Device\USBFDO-1 89B37500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 885F91F8
Device \Driver\nvata \Device\NvAta1 89E541F8
Device \Driver\USBSTOR \Device\0000007b 89BA9500
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 885F91F8
Device \Driver\USBSTOR \Device\0000007c 89BA9500
Device \Driver\USBSTOR \Device\0000007d 89BA9500
Device \Driver\sptd \Device\3073589822 spct.sys
Device \Driver\Ftdisk \Device\FtControl 89DE91F8
Device \Driver\a598n217 \Device\Scsi\a598n2171Port4Path0Target1Lun0 899E21F8
Device \Driver\a598n217 \Device\Scsi\a598n2171 899E21F8
Device \Driver\a598n217 \Device\Scsi\a598n2171Port4Path0Target0Lun0 899E21F8
Device \FileSystem\Fastfat \Fat 885ED1F8

AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 882B81F8
Device -> \Driver\nvata \Device\Harddisk0\DR0 89C9A856

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x6B 0x53 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3E 0x52 0x91 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x39 0xC5 0xEA 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x38 0x3B 0xD4 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x6B 0x53 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3E 0x52 0x91 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x39 0xC5 0xEA 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x38 0x3B 0xD4 0xF8 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\nvata.sys suspicious modification

---- EOF - GMER 1.0.15 ---
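Added example, not part of the thread and not code from GMER or from either poster: a small Python triage script for a GMER 1.0.15 report of the kind posted above. It parses the Kernel IAT/EAT, Devices and Files sections and separates the three kinds of line the report mixes together: IAT slots GMER could not map to any loaded module (the a598n217.SYS entries holding raw values such as CCCCCCCC), hooks landing in a loaded module with no vendor description (the spct.sys entries, which the Devices section ties to \Driver\sptd, the driver whose configuration sits under Alcohol 120 in the Registry section), and hooks into identified vendor modules (the Agnitum firewall driver). It also pulls out the two strongest indicators in this report, the "suspicious modification" verdict on nvata.sys and the "Device ->" line for \Device\Harddisk0\DR0, and checks whether they name the same driver. The embedded sample is a constructed subset of the report lines; reading "Device ->" as a device object whose dispatch was redirected is our interpretation, not GMER documentation.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines in GMER 1.0.15 report format, modelled on
# the report posted in this thread. Raw string, because the paths contain
# backslash sequences such as \a598n217 that Python would otherwise interpret.
SAMPLE_GMER_LOG = r"""
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spct.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spct.sys
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a598n217.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B262C226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\sptd \Device\3073589822 spct.sys
Device -> \Driver\nvata \Device\Harddisk0\DR0 89C9A856

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\nvata.sys suspicious modification
"""

# Line shapes GMER uses in the three sections this script looks at.
IAT_RE = re.compile(r"^IAT (?P<driver>\S+?)\[(?P<import>[^\]]+)\] (?P<target>.*)$")
RESOLVED_RE = re.compile(r"^\[(?P<addr>[0-9A-F]{8})\] (?P<module>\S+)(?: \((?P<desc>[^)]*)\))?$")
REDIRECT_RE = re.compile(r"^Device -> (?P<driver>\S+) (?P<device>\S+) (?P<addr>[0-9A-F]{8})$")
FILE_RE = re.compile(r"^File (?P<path>.+) suspicious modification$")


def classify_iat(target):
    """Classify the right-hand side of an IAT line.

    '[addr] module (Description/Vendor)' -> hook into a module GMER identified
    '[addr] module'                      -> hook into a module with no version info
    bare 8-hex-digit value               -> slot does not point into any loaded module
    """
    m = RESOLVED_RE.match(target)
    if m is None:
        return "unresolved", None
    if m.group("desc") is None:
        return "unidentified_module", m.group("module")
    return "identified_module", m.group("module")


def triage_gmer(log_text):
    """Bucket the findings of a GMER report by how much attention they deserve."""
    findings = {
        "unresolved_iat": [],         # (driver, import, raw value)
        "unidentified_iat": [],       # (driver, import, module)
        "identified_iat": Counter(),  # hooks per identified vendor module
        "device_redirects": [],       # (driver, device) from 'Device ->' lines
        "modified_files": [],         # paths GMER flags as modified
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IAT_RE.match(line):
            kind, module = classify_iat(m.group("target"))
            entry = (m.group("driver"), m.group("import"), module or m.group("target"))
            if kind == "unresolved":
                findings["unresolved_iat"].append(entry)
            elif kind == "unidentified_module":
                findings["unidentified_iat"].append(entry)
            else:
                findings["identified_iat"][module] += 1
        elif m := REDIRECT_RE.match(line):
            # Our reading of 'Device ->': the device object's dispatch now goes
            # through the named driver (assumption, not GMER documentation).
            findings["device_redirects"].append((m.group("driver"), m.group("device")))
        elif m := FILE_RE.match(line):
            findings["modified_files"].append(m.group("path"))
    return findings


def drivers_to_investigate(findings):
    """Drivers named by both strong indicators: a modified driver file and a
    device object whose dispatch was redirected to that same driver."""
    from_files = {p.rsplit("\\", 1)[-1].lower().removesuffix(".sys")
                  for p in findings["modified_files"]}
    from_devices = {d.rsplit("\\", 1)[-1].lower()
                    for d, _ in findings["device_redirects"]}
    return sorted(from_files & from_devices)


if __name__ == "__main__":
    result = triage_gmer(SAMPLE_GMER_LOG)
    for driver, imp, value in result["unresolved_iat"]:
        print(f"CHECK  {driver} imports {imp}: slot holds {value}, not a module address")
    for driver, imp, module in result["unidentified_iat"]:
        print(f"REVIEW {driver} imports {imp}: hooked by {module} (no vendor info)")
    for module, n in result["identified_iat"].items():
        print(f"INFO   {n} hook(s) into identified module {module}")
    for path in result["modified_files"]:
        print(f"ALERT  modified driver file: {path}")
    for driver, device in result["device_redirects"]:
        print(f"ALERT  {device} redirected to {driver}")
    print("investigate first:", drivers_to_investigate(result))
```

To use it on the real report, read the saved GMER .log file and pass its text to triage_gmer() instead of the embedded sample. A hook into an identified vendor module is not a finding by itself (a firewall hooking NdisOpenAdapter is expected); the unresolved slots and a file/device pair naming the same driver are what a helper would look at first, which matches what the moderator says next about the GMER report.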
bbn (bibounet)
Subject: Re: [Closed] Infected by DR/Delphi.Gen   Wed 27 Jan 2010 - 14:00

I forgot to mention that despite the preliminary operations the virus is still active.
GrosBébé (Moderator)
Subject: Re: [Closed] Infected by DR/Delphi.Gen   Wed 27 Jan 2010 - 18:13

Good evening bbn

OK, I think I've spotted the problem in the GMER report. Let's see if we can confirm it and then fix it.

  • Click here to download OTL (by Old Timer) to your desktop
  • Close all your windows, then double-click OTL.exe to launch it.
  • Tick Lop Check and Purity check
  • Under Custom Scans (at the bottom), copy/paste this:

    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    /md5stop
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    CREATERESTOREPOINT

  • Click the Run Scan button at the top left, then wait a few moments.

  • When the scan finishes, two reports will open (OTL.Txt and Extras.Txt). Copy/paste both reports here.

    PS: the reports are also saved on the desktop.

They're long, so see if you can host the report on http://cjoint.com/ and then give me the link so I can have a look.

See you later
bbn (bibounet)
Subject: Re: [Closed] Infected by DR/Delphi.Gen   Wed 27 Jan 2010 - 22:11

Good evening,
Thanks a lot for taking on my case; apparently it's no piece of cake:

Indeed the OTL scan doesn't work:
the scan starts, then when it reaches "scaning NT drivers32" it freezes!!!

The last line shown in "Customs scan/fixe" is: "Ntelogon.dll"

Also, I tried booting in safe mode and it doesn't work (the PC crashes).
GrosBébé (Moderator)
Subject: Re: [Closed] Infected by DR/Delphi.Gen   Wed 27 Jan 2010 - 22:31

Let's just say it's the infection in fashion at the moment.

Sometimes OTL seems to freeze but keeps running. And sometimes it really does hang.
Give it a bit more time please (about 20 min).

Have a good evening
bbn (bibounet)
Subject: Re: [Closed] Infected by DR/Delphi.Gen   Wed 27 Jan 2010 - 22:40

OK
Thanks a lot
I'll try again tomorrow

Have a good evening

and thanks again!
bbn (bibounet)
Subject: Re: [Closed] Infected by DR/Delphi.Gen   Thu 28 Jan 2010 - 14:15

Hello.
After two attempts with OTL and the attached list, it hung at the spot mentioned above.
After some trial and error, I realised that this line was causing the hang (the last one):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

I must admit I don't enable Windows automatic updates.
After removing that line the scan ran normally, but it only generated the OTL.Txt file; I couldn't find the Extras file.

http://cjoint.com/?bCodObRD11

I hope the Windows Update key isn't strictly necessary for this procedure.

Thanks again for the trouble
bbn

Edit:
Actually, re-running a scan did generate the Extras file:
http://cjoint.com/?bCoAKuAdd7
See you

Hello; it's 16:55 and I'm editing this post again because for a little while now I've had no more Antivir alert windows!
Could the problem be solved??
If so, I won't complain!!
However, booting into safe mode still doesn't work!
See you
GrosBébé (Moderator)
Subject: Re: [Closed] Infected by DR/Delphi.Gen   Thu 28 Jan 2010 - 21:24

Good evening

bbn wrote:
I hope the Windows Update key isn't strictly necessary for this procedure.
No, we can do without it. But let's say that if you don't install your updates, your PC will be "full" of holes, and surfing the net then amounts to suicide.

I'm wondering, are you able to burn CDs?


Safe mode, hmm, I have an idea who's responsible... there are traces of the Bagle infection. It is generally caught through P2P networks and cracks. It's better to avoid using software like Emule; you never know what you'll come across. I'd advise you to uninstall that kind of software; all I'm asking for now is that you don't use them (Emule and GrabIt).
For now, we'll check whether or not a rootkit is present (even though you no longer get alerts).


Download TDSSKiller from this link and put it on your desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
  • Unzip the TDSSKiller file and put it on your desktop too.
  • Double-click TDSSKiller.exe and wait a few moments.
    Note: Vista users, right-click the program and select "Run as administrator"

At the end, a report will be created at the root of drive C:; it is named something like C:\TDSSKiller.2.2.0_28.01.2010_22.10.43_log.txt. Copy that report here please.

Step-by-step pictures here: http://support.kaspersky.com/viruses/solutions?qid=208280684
bbn (bibounet)
Subject: Re: [Closed] Infected by DR/Delphi.Gen   Thu 28 Jan 2010 - 22:45

Good evening,
I've just done the TDSSKiller procedure
Here's the result

22:42:44:156 3948 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
22:42:44:156 3948 ================================================================================
22:42:44:156 3948 SystemInfo:

22:42:44:156 3948 OS Version: 5.1.2600 ServicePack: 3.0
22:42:44:156 3948 Product type: Workstation
22:42:44:156 3948 ComputerName: COUACCOU-05A2E2
22:42:44:156 3948 UserName: Administrateur
22:42:44:156 3948 Windows directory: C:\WINDOWS
22:42:44:156 3948 Processor architecture: Intel x86
22:42:44:156 3948 Number of processors: 1
22:42:44:156 3948 Page size: 0x1000
22:42:44:156 3948 Boot type: Normal boot
22:42:44:156 3948 ================================================================================
22:42:44:296 3948 UnloadDriverW: NtUnloadDriver error 2
22:42:44:296 3948 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
22:42:44:312 3948 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
22:42:44:937 3948 UtilityInit: KLMD drop and load success
22:42:44:937 3948 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
22:42:44:937 3948 UtilityInit: KLMD open success
22:42:44:937 3948 UtilityInit: Initialize success
22:42:44:937 3948
22:42:44:937 3948 Scanning Services ...
22:42:44:937 3948 CreateRegParser: Registry parser init started
22:42:44:937 3948 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
22:42:44:937 3948 CreateRegParser: DisableWow64Redirection error
22:42:44:937 3948 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
22:42:44:937 3948 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
22:42:44:937 3948 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:42:44:937 3948 wfopen_ex: Trying to KLMD file open
22:42:44:937 3948 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
22:42:44:937 3948 wfopen_ex: File opened ok (Flags 2)
22:42:44:937 3948 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 2648A0
22:42:44:937 3948 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
22:42:44:937 3948 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
22:42:44:937 3948 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:42:44:937 3948 wfopen_ex: Trying to KLMD file open
22:42:44:937 3948 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
22:42:44:937 3948 wfopen_ex: File opened ok (Flags 2)
22:42:44:937 3948 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 264948
22:42:44:937 3948 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
22:42:44:937 3948 CreateRegParser: EnableWow64Redirection error
22:42:44:937 3948 CreateRegParser: RegParser init completed
22:42:45:015 3948 GetAdvancedServicesInfo: Raw services enum returned 328 services
22:42:45:015 3948 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
22:42:45:015 3948 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
22:42:45:015 3948
22:42:45:015 3948 Scanning Kernel memory ...
22:42:45:015 3948 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
22:42:45:031 3948 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 89D6F900
22:42:45:031 3948 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
22:42:45:031 3948
22:42:45:031 3948 DetectCureTDL3: DEVICE_OBJECT: 89D6EC68
22:42:45:031 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D6EC68
22:42:45:031 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D6EC68[0x38]
22:42:45:031 3948 DetectCureTDL3: DRIVER_OBJECT: 89D6F900
22:42:45:031 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D6F900[0xA8]
22:42:45:031 3948 KLMD_ReadMem: Trying to ReadMemory 0xE100C260[0x18]
22:42:45:031 3948 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:42:45:031 3948 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
22:42:45:031 3948 DetectCureTDL3: IrpHandler (1) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
22:42:45:031 3948 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
22:42:45:031 3948 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
22:42:45:031 3948 DetectCureTDL3: IrpHandler (5) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (6) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (7) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (8) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
22:42:45:031 3948 DetectCureTDL3: IrpHandler (10) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (11) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (12) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (13) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
22:42:45:031 3948 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
22:42:45:031 3948 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
22:42:45:031 3948 DetectCureTDL3: IrpHandler (17) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (18) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (19) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (20) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (21) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
22:42:45:031 3948 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
22:42:45:031 3948 DetectCureTDL3: IrpHandler (24) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (25) addr: 804F355A
22:42:45:031 3948 DetectCureTDL3: IrpHandler (26) addr: 804F355A
22:42:45:031 3948 TDL3_FileDetect: Processing driver: Disk
22:42:45:031 3948 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:42:45:031 3948 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:42:45:218 3948 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:42:45:218 3948
22:42:45:218 3948 DetectCureTDL3: DEVICE_OBJECT: 89D96C68
22:42:45:218 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D96C68
22:42:45:218 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D96C68[0x38]
22:42:45:218 3948 DetectCureTDL3: DRIVER_OBJECT: 89D6F900
22:42:45:218 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D6F900[0xA8]
22:42:45:218 3948 KLMD_ReadMem: Trying to ReadMemory 0xE100C260[0x18]
22:42:45:218 3948 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:42:45:218 3948 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
22:42:45:218 3948 DetectCureTDL3: IrpHandler (1) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
22:42:45:218 3948 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
22:42:45:218 3948 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
22:42:45:218 3948 DetectCureTDL3: IrpHandler (5) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (6) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (7) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (8) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
22:42:45:218 3948 DetectCureTDL3: IrpHandler (10) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (11) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (12) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (13) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
22:42:45:218 3948 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
22:42:45:218 3948 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
22:42:45:218 3948 DetectCureTDL3: IrpHandler (17) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (18) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (19) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (20) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (21) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
22:42:45:218 3948 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
22:42:45:218 3948 DetectCureTDL3: IrpHandler (24) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (25) addr: 804F355A
22:42:45:218 3948 DetectCureTDL3: IrpHandler (26) addr: 804F355A
22:42:45:218 3948 TDL3_FileDetect: Processing driver: Disk
22:42:45:218 3948 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:42:45:218 3948 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:42:45:796 3948 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:42:45:796 3948
22:42:45:796 3948 DetectCureTDL3: DEVICE_OBJECT: 89D65C68
22:42:45:796 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D65C68
22:42:45:796 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D65C68[0x38]
22:42:45:796 3948 DetectCureTDL3: DRIVER_OBJECT: 89D6F900
22:42:45:796 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D6F900[0xA8]
22:42:45:796 3948 KLMD_ReadMem: Trying to ReadMemory 0xE100C260[0x18]
22:42:45:796 3948 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
22:42:45:796 3948 DetectCureTDL3: IrpHandler (0) addr: BA90EBB0
22:42:45:796 3948 DetectCureTDL3: IrpHandler (1) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (2) addr: BA90EBB0
22:42:45:796 3948 DetectCureTDL3: IrpHandler (3) addr: BA908D1F
22:42:45:796 3948 DetectCureTDL3: IrpHandler (4) addr: BA908D1F
22:42:45:796 3948 DetectCureTDL3: IrpHandler (5) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (6) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (7) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (8) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (9) addr: BA9092E2
22:42:45:796 3948 DetectCureTDL3: IrpHandler (10) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (11) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (12) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (13) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (14) addr: BA9093BB
22:42:45:796 3948 DetectCureTDL3: IrpHandler (15) addr: BA90CF28
22:42:45:796 3948 DetectCureTDL3: IrpHandler (16) addr: BA9092E2
22:42:45:796 3948 DetectCureTDL3: IrpHandler (17) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (18) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (19) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (20) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (21) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (22) addr: BA90AC82
22:42:45:796 3948 DetectCureTDL3: IrpHandler (23) addr: BA90F99E
22:42:45:796 3948 DetectCureTDL3: IrpHandler (24) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (25) addr: 804F355A
22:42:45:796 3948 DetectCureTDL3: IrpHandler (26) addr: 804F355A
22:42:45:796 3948 TDL3_FileDetect: Processing driver: Disk
22:42:45:796 3948 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
22:42:45:796 3948 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
22:42:45:812 3948 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:42:45:812 3948
22:42:45:812 3948 DetectCureTDL3: DEVICE_OBJECT: 89D93AB8
22:42:45:812 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D93AB8
22:42:45:812 3948 DetectCureTDL3: DEVICE_OBJECT: 89D94F18
22:42:45:812 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D94F18
22:42:45:812 3948 DetectCureTDL3: DEVICE_OBJECT: 89D92030
22:42:45:812 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D92030
22:42:45:812 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D92030[0x38]
22:42:45:812 3948 DetectCureTDL3: DRIVER_OBJECT: 89D79A08
22:42:45:812 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D79A08[0xA8]
22:42:45:812 3948 KLMD_ReadMem: Trying to ReadMemory 0xE1021BA8[0x1A]
22:42:45:812 3948 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvata, Driver Name: nvata
22:42:45:812 3948 DetectCureTDL3: IrpHandler (0) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (1) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (2) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (3) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (4) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (5) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (6) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (7) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (8) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (9) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (10) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (11) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (12) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (13) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (14) addr: BA5D88AE
22:42:45:812 3948 DetectCureTDL3: IrpHandler (15) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (16) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (17) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (18) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (19) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (20) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (21) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (22) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (23) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (24) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (25) addr: 89DE81F8
22:42:45:812 3948 DetectCureTDL3: IrpHandler (26) addr: 89DE81F8
22:42:45:812 3948 KLMD_ReadMem: Trying to ReadMemory 0x89C92701[0x400]
22:42:45:812 3948 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
22:42:45:812 3948 Driver "nvata" StartIo handler infected by TDSS rootkit ... 22:42:45:812 3948 TDL3_StartIoHookCure: Number of patches 1
22:42:45:812 3948 KLMD_WriteMem: Trying to WriteMemory 0x89C9280A[0x6]
22:42:45:812 3948 cured
22:42:45:812 3948 TDL3_FileDetect: Processing driver: nvata
22:42:45:812 3948 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\nvata.sys
22:42:45:812 3948 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\nvata.sys
22:42:45:828 3948 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\nvata.sys - Verdict: Clean
22:42:45:828 3948
22:42:45:828 3948 DetectCureTDL3: DEVICE_OBJECT: 89D6BAB8
22:42:45:828 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D6BAB8
22:42:45:828 3948 DetectCureTDL3: DEVICE_OBJECT: 89DC5938
22:42:45:828 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DC5938
22:42:45:828 3948 DetectCureTDL3: DEVICE_OBJECT: 89D93030
22:42:45:828 3948 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D93030
22:42:45:828 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D93030[0x38]
22:42:45:828 3948 DetectCureTDL3: DRIVER_OBJECT: 89DE5250
22:42:45:828 3948 KLMD_ReadMem: Trying to ReadMemory 0x89DE5250[0xA8]
22:42:45:828 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D6B030[0x38]
22:42:45:828 3948 KLMD_ReadMem: Trying to ReadMemory 0x89D79A08[0xA8]
22:42:45:828 3948 KLMD_ReadMem: Trying to ReadMemory 0xE1021BA8[0x1A]
22:42:45:828 3948 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvata, Driver Name: nvata
22:42:45:828 3948 DetectCureTDL3: IrpHandler (0) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (1) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (2) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (3) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (4) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (5) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (6) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (7) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (8) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (9) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (10) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (11) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (12) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (13) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (14) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (15) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (16) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (17) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (18) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (19) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (20) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (21) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (22) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (23) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (24) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (25) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: IrpHandler (26) addr: 89C92856
22:42:45:828 3948 DetectCureTDL3: All IRP handlers pointed to one addr: 89C92856
22:42:45:828 3948 KLMD_ReadMem: Trying to ReadMemory 0x89C92856[0x400]
22:42:45:828 3948 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109
22:42:45:828 3948 Driver "nvata" Irp handler infected by TDSS rootkit ... 22:42:45:828 3948 KLMD_WriteMem: Trying to WriteMemory 0x89C928CF[0xD]
22:42:45:828 3948 cured
22:42:45:828 3948 KLMD_ReadMem: Trying to ReadMemory 0x89C92701[0x400]
22:42:45:828 3948 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 0
22:42:45:828 3948 TDL3_FileDetect: Processing driver: nvata
22:42:45:828 3948 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\nvata.sys
22:42:45:828 3948 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\nvata.sys
22:42:45:843 3948 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\nvata.sys - Verdict: Infected
22:42:45:843 3948 File C:\WINDOWS\system32\DRIVERS\nvata.sys infected by TDSS rootkit ... 22:42:45:843 3948 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\nvata.sys
22:42:45:843 3948 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
22:42:45:843 3948 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
22:42:45:875 3948 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\OemDir\*) error 3
22:42:45:921 3948 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\ServicePackFiles\*) error 3
22:42:45:921 3948 TDL3_FileCure: Backup copy not found, trying to cure infected file..
22:42:45:921 3948 TDL3_FileCure: Cure success, using it..
22:42:45:921 3948 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tskA1.tmp
22:42:45:921 3948 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskA1.tmp, system32\drivers\nvata.sys)
22:42:45:921 3948 TDL3_FileCure: KLMD jobs schedule success
22:42:45:921 3948 will be cured on next reboot
22:42:45:921 3948 UtilityBootReinit: Reboot required for cure complete..
22:42:45:921 3948 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
22:42:45:937 3948 UtilityBootReinit: KLMD drop success
22:42:45:953 3948 KLMD_ApplyPendList: Pending buffer(EA0_7D47, 608) dropped successfully
22:42:45:953 3948 UtilityBootReinit: Cure on reboot scheduled successfully
22:42:45:953 3948
22:42:45:953 3948 Completed
22:42:45:953 3948
22:42:45:953 3948 Results:
22:42:45:953 3948 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
22:42:45:953 3948 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:42:45:953 3948 File objects infected / cured / cured on reboot: 1 / 0 / 1
22:42:45:953 3948
22:42:45:984 3948 UnloadDriverW: NtUnloadDriver error 1
22:42:45:984 3948 KLMD_Unload: UnloadDriverW(klmd21) error 1
22:42:45:984 3948 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
22:42:45:984 3948 UtilityDeinit: KLMD(ARK) unloaded successfully

Posted by bbn (bibounet), Thu 28 Jan 2010 - 22:53

I tried booting into safe mode: it works!

Posted by GrosBébé (Moderator), Thu 28 Jan 2010 - 23:01

If you haven't rebooted after running TDSSKiller, do so, then post a new GMER report please.

Posted by bbn (bibounet), Thu 28 Jan 2010 - 23:36

Ok
I had rebooted
I've just run another GMER scan

Here is the result:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 23:34:34
Windows 5.1.2600 Service Pack 3, v.5657
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aggcrfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xA7798B4A]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xA7778C16]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xA779B14E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xA7770DA2]
SSDT B094D4D6 ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xA7790646]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xA779115E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xA776F2FE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xA7781682]
SSDT B094D4CC ZwCreateThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xA777FF26]
SSDT B094D4DB ZwDeleteKey
SSDT B094D4E5 ZwDeleteValueKey
SSDT spxf.sys ZwEnumerateKey [0xBA6C5CA4]
SSDT spxf.sys ZwEnumerateValueKey [0xBA6C6032]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xA778D666]
SSDT B094D4EA ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xA7780D86]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xA77770CF]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xA7783154]
SSDT B094D4B8 ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xA776FD5E]
SSDT B094D4BD ZwOpenThread
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xA779A342]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xA7779C8D]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xA7784B82]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xA778565E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xA7797D92]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xA778A69E]
SSDT B094D4F4 ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xA779D636]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xA779DC1A]
SSDT B094D4EF ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xA77886CA]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xA7789112]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xA779BE36]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xA77971B6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xA777BBDE]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xA778C9C2]
SSDT B094D4E0 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xA7795EE6]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xA779680E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xA779E81A]
SSDT B094D4C7 ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xA7795386]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xA778E23E]
SSDT \SystemRoot\system32\DRIVERS\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xA77995E6]

INT 0x62 ? 89E54BF8
INT 0x63 ? 89DE8BF8
INT 0x73 ? 89DE8BF8
INT 0xB4 ? 89C03F00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [E6, 5E, 79, A7, 0E, 68, 79, ...] {OUT 0x5e, AL; JNS 0xffffffffffffffab; PUSH CS; PUSH 0xe81aa779; JNS 0xffffffffffffffb3}
? spxf.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B9B308AC 5 Bytes JMP 89C034E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95A5360, 0x24BB1D, 0xE8000020]
.text anif3lvo.SYS B2CF5386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text anif3lvo.SYS B2CF53AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text anif3lvo.SYS B2CF53C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text anif3lvo.SYS B2CF53C9 1 Byte [2E]
.text anif3lvo.SYS B2CF53C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[284] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[284] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[284] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[284] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[284] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[320] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[320] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[320] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[320] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[320] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[408] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[408] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[408] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[408] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[408] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[704] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[704] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[704] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[704] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Taskix\Taskix32.exe[704] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[772] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[772] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[772] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[772] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[772] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[780] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 009CB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[780] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 009CB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[780] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 009CB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[780] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 009CB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[780] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 009CB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[788] kernel32.dll!LoadResource 7C80A045 5 Bytes JMP 0056D260 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[788] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00567184 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[788] user32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 005671DC C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[788] user32.dll!EnableWindow 7E3A9849 5 Bytes JMP 01671C24 C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[788] user32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 005671B0 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[964] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[964] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[964] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[964] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[964] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1032] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1032] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1032] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1032] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1032] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1168] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1168] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1168] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1168] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCD.exe[1168] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1248] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1248] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1248] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1248] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1248] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1292] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1292] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1292] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1292] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe[1292] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1316] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1316] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1316] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1316] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1316] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[1320] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[1320] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[1320] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[1320] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrateur\Bureau\gmer.exe[1320] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1372] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1372] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1372] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1372] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[1372] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1376] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1376] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1376] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1376] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[1376] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1540] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1540] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1540] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1540] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[1540] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1620] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 00AAB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1620] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 00AAB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1620] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 00AAB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1620] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 00AAB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[1620] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 00AAB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1644] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1644] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1644] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1644] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[1644] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1784] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1784] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1784] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1784] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1784] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[2028] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 0104B84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[2028] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 0104B4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[2028] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 0104B508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[2028] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 0104B878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[2028] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 0104B534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00524834 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2444] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2444] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2444] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2444] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2444] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 5 Bytes JMP 100AB84C c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 5 Bytes JMP 100AB878 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2900] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A8042] spxf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A813E] spxf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A80C0] spxf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A8800] spxf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A86D6] spxf.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B7E9C] spxf.sys
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\anif3lvo.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B2CC6226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B2CC6226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B2CC6226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B2CC6226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B2CC6226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B2CC6226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B2CC6226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [B2CC6226] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89DE71F8
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\usbohci \Device\USBPDO-0 89C021F8
Device \Driver\usbehci \Device\USBPDO-1 89B5D500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DE91F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DE91F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DE91F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DE91F8
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\PCI_PNP6838 \Device\00000049 spxf.sys
Device \Driver\nvata \Device\00000070 89DE81F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E551F8
Device \Driver\Cdrom \Device\CdRom0 89B2F498
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E551F8
Device \Driver\Cdrom \Device\CdRom1 89B2F498
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E551F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [BA5FAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [BA5FAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BA5FAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 89B2F498
Device \Driver\sptd \Device\4133531838 spxf.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 88DAA1F8
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{CDC42002-7DF2-44AF-B2A3-94EA49C4BEC8} 88DAA1F8
Device \Driver\usbohci \Device\USBFDO-0 89C021F8
Device \Driver\nvata \Device\NvAta0 89DE81F8
Device \Driver\usbehci \Device\USBFDO-1 89B5D500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88A11500
Device \Driver\nvata \Device\NvAta1 89DE81F8
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88A11500
Device \Driver\nvata \Device\0000006f 89DE81F8
Device \Driver\Ftdisk \Device\FtControl 89E551F8
Device \Driver\anif3lvo \Device\Scsi\anif3lvo1Port4Path0Target1Lun0 8998B500
Device \Driver\anif3lvo \Device\Scsi\anif3lvo1 8998B500
Device \Driver\anif3lvo \Device\Scsi\anif3lvo1Port4Path0Target0Lun0 8998B500
Device \FileSystem\Cdfs \Cdfs 889C0500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x6B 0x53 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3E 0x52 0x91 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x39 0xC5 0xEA 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x38 0x3B 0xD4 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD9 0x6B 0x53 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3E 0x52 0x91 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x39 0xC5 0xEA 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x38 0x3B 0xD4 0xF8 ...

---- EOF - GMER 1.0.15 ----
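The GMER report above lists one line per hooked API per process, and reading it means answering one question: which module owns each JMP target, and is that module expected on this machine? As an added example (not part of the thread, and not GMER's own code), the Python below parses those user-mode hook lines, groups them by the owning module and sets aside any hook GMER could not attribute to a module; run over this report it shows that every USER32 hook belongs to Outpost's wl_hook.dll. The sample lines are copied from the report plus one constructed, unattributed entry; the regex assumes the GMER 1.0.15 line layout and an owner path without spaces.

```python
import re
from collections import defaultdict

# One GMER 1.0.15 "User code sections" line looks like (taken from the report above):
# .text <process>[<pid>] <module>!<function> <address> <n> Bytes JMP <target> <owner> (<Description/Vendor>)
# <owner> and the parenthesised vendor are only present when GMER could attribute the
# JMP target to a loaded module. Assumption: the owner path contains no spaces, which
# holds for the 8.3 paths GMER printed in this report.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<owner>[^\s(]+))?"      # module that owns the JMP target, if resolved
    r"(?:\s+\((?P<vendor>[^)]*)\))?"   # "(Description/Vendor)" as GMER prints it
    r"\s*$"
)


def parse_hook_line(line):
    """Parse one GMER user-mode hook line; return a dict, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    hook["pid"] = int(hook["pid"])
    hook["nbytes"] = int(hook["nbytes"])
    # Normalise the owner path so 'C:\PROGRA~1\...' and 'c:\progra~1\...' group together.
    hook["owner"] = hook["owner"].lower() if hook["owner"] else None
    return hook


def summarise_hooks(lines):
    """Group hooks by the module owning the JMP target; collect unattributed ones separately."""
    by_owner = defaultdict(lambda: {"vendor": None, "functions": set(), "processes": set()})
    unattributed = []
    for line in lines:
        hook = parse_hook_line(line)
        if hook is None:
            continue  # section headers, IAT/EAT, device and registry lines are skipped
        if hook["owner"] is None:
            unattributed.append(hook)  # GMER could not name the module: look at these first
            continue
        entry = by_owner[hook["owner"]]
        entry["functions"].add(f'{hook["module"]}!{hook["function"]}')
        entry["processes"].add(hook["process"])
        if hook["vendor"]:
            entry["vendor"] = hook["vendor"]
    return {
        "by_owner": {
            owner: {
                "vendor": e["vendor"],
                "functions": sorted(e["functions"]),
                "processes": sorted(e["processes"]),
            }
            for owner, e in by_owner.items()
        },
        "unattributed": unattributed,
    }


# Constructed sample: four lines copied from the GMER report in this thread, one
# constructed unattributed hook (not from the report), and a section header that
# the parser must ignore.
SAMPLE_LOG = [
    r".text C:\WINDOWS\system32\winlogon.exe[1248] USER32.dll!SetWindowPos 7E3A99F3 5 Bytes JMP 100AB508 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)",
    r".text C:\WINDOWS\system32\services.exe[1316] USER32.dll!EndTask 7E3DA0A5 5 Bytes JMP 100AB534 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)",
    r".text C:\Program Files\Java\jre6\bin\jqs.exe[1784] USER32.dll!SetForegroundWindow 7E3A42ED 5 Bytes JMP 100AB4DC c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)",
    r".text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 00524834 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)",
    r".text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!CreateProcessW 7C80ABCD 5 Bytes JMP 00E10000",  # constructed
    "---- Kernel IAT/EAT - GMER 1.0.15 ----",
]


if __name__ == "__main__":
    summary = summarise_hooks(SAMPLE_LOG)
    for owner, e in summary["by_owner"].items():
        print(f"{owner} ({e['vendor']}): {len(e['functions'])} API(s) hooked in {len(e['processes'])} process(es)")
        for fn in e["functions"]:
            print(f"    {fn}")
    for hook in summary["unattributed"]:
        print(f"UNATTRIBUTED: {hook['process']}[{hook['pid']}] {hook['module']}!{hook['function']} -> {hook['target']}")
```

An unattributed hook is not proof of anything by itself, but it is the entry a triager checks first, together with any owner module that is not a known security product or driver on the machine.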
GrosBébé
Moderators

Male
Number of messages: 6878
Age: 43
Location: in front of the PC
Registration date: 18/12/2007

Subject: Re: [Closed] Infected by DR/Delphi.Gen   Thu 28 Jan 2010 - 23:46

OK, so let's move on to the next step.

Click here to download Rooter to your desktop
Run it; at the end it will give you a report, copy/paste its contents here please (you will also find it here: C:\Rooter.txt)

Click here or here to download Findykill to your desktop
Note: the file is called Setup.exe
  • Close all your windows.
  • Double-click Setup.exe
    Note: Vista users, right-click Setup.exe and select "Run as administrator"
  • Select the "Français" option then "Enter"
  • Select option "1 # Recherche" by typing 1 then "Enter".
    Then wait ...

At the end, a report will open, copy/paste its contents here please.
bbn
bibounet

Male
Number of messages: 12
Age: 70
Location: 33
Registration date: 27/01/2010

Subject: Re: [Closed] Infected by DR/Delphi.Gen   Thu 28 Jan 2010 - 23:50

OK for Rooter

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3, v.5657
[32_bits] - x86 Family 15 Model 79 Stepping 2, AuthenticAMD
.
Error OpenService (wscsvc) : 1060
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.13
Mozilla Firefox 3.5.7 (fr)
.
C:\ [Fixed-NTFS] .. ( Total:195 Go - Free:134 Go )
D:\ [Fixed-NTFS] .. ( Total:400 Go - Free:393 Go )
E:\ [CD_Rom]
F:\ [Fixed-NTFS] .. ( Total:465 Go - Free:452 Go )
J:\ [CD_Rom]
K:\ [CD_Rom]
.
Scan : 23:49.32
Path : C:\Documents and Settings\Administrateur\Bureau\Rooter.exe
User : Administrateur ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1012)
______ \??\C:\WINDOWS\system32\csrss.exe (1196)
______ \??\C:\WINDOWS\system32\winlogon.exe (1248)
______ C:\WINDOWS\system32\services.exe (1316)
______ C:\WINDOWS\system32\lsass.exe (1328)
______ C:\WINDOWS\system32\svchost.exe (1500)
______ C:\WINDOWS\system32\svchost.exe (1572)
______ C:\WINDOWS\System32\svchost.exe (1696)
______ C:\WINDOWS\system32\svchost.exe (1744)
______ C:\WINDOWS\system32\spoolsv.exe (320)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (408)
______ C:\WINDOWS\Explorer.EXE (540)
______ C:\Program Files\Taskix\Taskix32.exe (704)
______ C:\Program Files\VirtuaWin\VirtuaWin.exe (772)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (780)
Locked op_mon.exe (788)
______ C:\Program Files\Nero\Nero 7\InCD\InCD.exe (1168)
______ C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (1292)
______ C:\WINDOWS\system32\LVCOMSX.EXE (1376)
______ C:\Program Files\Logitech\Video\LogiTray.exe (1620)
______ C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (1644)
______ C:\Program Files\MSI\Core Center\CoreCenter.exe (2028)
______ C:\PROGRA~1\MI3AA1~1\rapimgr.exe (1372)
Locked acs.exe (2040)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1032)
______ C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (1540)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1784)
______ C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (284)
______ C:\WINDOWS\system32\nvsvc32.exe (964)
______ C:\WINDOWS\system32\svchost.exe (144)
______ C:\Program Files\Logitech\Video\FxSvr2.exe (2444)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3968)
______ C:\Documents and Settings\Administrateur\Bureau\Rooter.exe (2164)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:209966690304)
\Device\Harddisk0\Partition2 (Start_Offset:209966722560 | Length:430165693440)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
Rootkit! ... [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit! ... [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
Rootkit! ... [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\ADMINI~1\APPLIC~1\drivers
==> Bagle <==
.
----------------------\\ Scan completed at 23:49.33
.
C:\Rooter$\Rooter_1.txt - (28/01/2010 | 23:49.33)
bbn
bibounet

Male
Number of messages: 12
Age: 70
Location: 33
Registration date: 27/01/2010

Subject: Re: [Closed] Infected by DR/Delphi.Gen   Thu 28 Jan 2010 - 23:54

Unfortunately Findykill does not support my version of Windows,
it's wintrust

OK, thanks for the help, we'll see about the rest tomorrow.
It seems to me that it's already going much better.

Good night
See you
GrosBébé
Moderators

Male
Number of messages: 6878
Age: 43
Location: in front of the PC
Registration date: 18/12/2007

Subject: Re: [Closed] Infected by DR/Delphi.Gen   Fri 29 Jan 2010 - 18:17

Good evening bbn

I suspected as much ...

Although I understand, and although the PC is still infected by the Bagle worm, I cannot keep trying to help you:
- because Windows Trust is illegal,
and
- because it is against the forum's terms of use.

I can only advise you to install a legal version of Windows, or to switch to Linux.

Good evening (if one can say that)
GrosBébé
Moderators

Male
Number of messages: 6878
Age: 43
Location: in front of the PC
Registration date: 18/12/2007

Subject: Re: [Closed] Infected by DR/Delphi.Gen   Fri 29 Jan 2010 - 18:18

Topic closed. If you wish to reopen this topic, request it by PM, stating the reason and the link to this topic. This only applies to bbn. Everyone else, please create your own topic.