

Everything posted by nividig
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
Good evening Thanos, thank you for this valuable advice. I am going to uninstall Avast and reinstall Antivir. As for the mule, it only runs occasionally, with my daughters...! I wish you a good evening and all the best on this forum. See you again, no doubt.
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
Good evening Thanos, and thanks again for your help! Here is the GMER report:
C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1380] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1380] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00080F54 .text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00080FE0 .text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenA 404C3081 
5 Bytes JMP 00080D24 .text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00080DB0 .text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00080E3C .text C:\WINDOWS\System32\svchost.exe[1380] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00080EC8 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608 .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1400] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720 
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1552] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] 
kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00130F54 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetConnectW 
404BC2C0 5 Bytes JMP 00130FE0 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00130D24 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00130DB0 .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00130E3C .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1560] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00130EC8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe[1596] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1596] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!SetThreadContext 7C863C09 
5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1672] WS2_32.dll!socket 719F4211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1672] WS2_32.dll!bind 719F4480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1672] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00080950 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] 
WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Java\jre6\bin\jqs.exe[1724] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] 
KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[1808] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\Alwil 
Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] WS2_32.dll!socket 719F4211 5 Bytes JMP 001308C4 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] WS2_32.dll!bind 719F4480 5 Bytes JMP 00130838 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] WS2_32.dll!connect 719F4A07 5 Bytes JMP 00130950 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 001307AC .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00130720 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00130F54 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00130FE0 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetOpenA 404C3081 5 Bytes JMP 00130D24 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetOpenW 404C36B1 5 Bytes JMP 00130DB0 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00130E3C .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] wininet.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00130EC8 .text C:\Program Files\TomTom HOME 
2\TomTomHOMEService.exe[2060] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2060] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text 
C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\wdfmgr.exe[2092] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\wdfmgr.exe[2092] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\wdfmgr.exe[2092] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00070720 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 
.text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Program Files\UPHClean\uphclean.exe[2148] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464 .text C:\WINDOWS\System32\dmadmin.exe[2188] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608 .text C:\WINDOWS\System32\dmadmin.exe[2188] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 000707AC 
@+ -
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
Here is the requested report:
"0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: Sys6925.Config Collection.sys
Submission date: 2010-09-24 22:22:37 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community not reviewed
Safety score: -
Antivirus  Version  Last Update  Result
AhnLab-V3  2010.09.25.00  2010.09.24  -
AntiVir  7.10.12.30  2010.09.24  -
Antiy-AVL  2.0.3.7  2010.09.24  -
Authentium  5.2.0.5  2010.09.24  -
Avast  4.8.1351.0  2010.09.24  -
Avast5  5.0.594.0  2010.09.24  -
AVG  9.0.0.851  2010.09.24  -
BitDefender  7.2  2010.09.24  -
CAT-QuickHeal  11.00  2010.09.24  -
ClamAV  0.96.2.0-git  2010.09.24  -
Comodo  6189  2010.09.24  -
DrWeb  5.0.2.03300  2010.09.24  -
Emsisoft  5.0.0.37  2010.09.24  -
eSafe  7.0.17.0  2010.09.21  -
eTrust-Vet  36.1.7874  2010.09.24  -
F-Prot  4.6.2.117  2010.09.24  -
F-Secure  9.0.15370.0  2010.09.24  -
Fortinet  4.1.143.0  2010.09.24  -
GData  21  2010.09.24  -
Ikarus  T3.1.1.88.0  2010.09.24  -
Jiangmin  13.0.900  2010.09.21  -
K7AntiVirus  9.63.2600  2010.09.24  -
Kaspersky  7.0.0.125  2010.09.24  -
McAfee  5.400.0.1158  2010.09.25  -
McAfee-GW-Edition  2010.1C  2010.09.24  -
Microsoft  1.6201  2010.09.24  -
NOD32  5477  2010.09.24  -
Norman  6.06.06  2010.09.24  -
nProtect  2010-09-24.02  2010.09.24  -
Panda  10.0.2.7  2010.09.24  -
PCTools  7.0.3.5  2010.09.24  -
Prevx  3.0  2010.09.25  -
Rising  22.66.00.07  2010.09.21  -
Sophos  4.58.0  2010.09.24  -
Sunbelt  6924  2010.09.24  -
SUPERAntiSpyware  4.40.0.1006  2010.09.25  -
Symantec  20101.1.1.7  2010.09.24  -
TheHacker  6.7.0.0.030  2010.09.24  -
TrendMicro  9.120.0.1004  2010.09.24  -
TrendMicro-HouseCall  9.120.0.1004  2010.09.24  -
VBA32  3.12.14.1  2010.09.24  -
ViRobot  2010.9.24.4059  2010.09.24  -
VirusBuster  12.65.25.0  2010.09.24  -
Additional information
MD5 : 7419cc5cfcf5664ad9ffb5bb0e31a422
SHA1 : 21b363662189a62541ef55472489ba08cf862b5a
SHA256: 3f4dc2b21e587f0f3053e7639b047223ad8e8b54e7d983b9e5d853296d5cfc5d
VT Community This file has never been reviewed by any VT Community member. Be the first one to comment on it! VirusTotal Team " @° -
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
There, as for Avast, the scan is finished and it found nothing. For info:
Elapsed time: 1:10:52
Files tested: 164617
Folders tested: 13832
Volume of data tested: 174.3 GB
Infected files: 0
I'll carry on. @+ -
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
1h05 of scanning and 76% done ....! (PS: I'm posting from my laptop) -
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
Good evening Thanos, OK, I'm launching a scan and will post the report. Back in a moment. -
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
Good evening everyone, after a short absence for work reasons, I'm picking my post back up and, as Thanos asked, I'm posting the two RSIT reports: 1- log.txt 2- info.txt
10:02:44 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2010-09-04 10:01:42 ----D---- C:\Program Files\Pixum AG 2010-09-04 10:01:17 ----D---- C:\Program Files\Panda Security 2010-09-04 10:01:14 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-09-04 10:00:30 ----D---- C:\Program Files\MSN Messenger 2010-09-04 10:00:29 ----D---- C:\Program Files\Messenger Plus! Live 2010-09-04 10:00:07 ----D---- C:\Program Files\ma-config.com 2010-09-04 10:00:07 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com 2010-09-04 09:59:15 ----HD---- C:\Program Files\InstallShield Installation Information 2010-09-04 09:54:19 ----D---- C:\WINDOWS\WinSxS 2010-08-27 18:35:25 ----D---- C:\WINDOWS\Internet Logs 2010-08-27 18:23:11 ----D---- C:\WINDOWS\system32\CatRoot ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 gagp30kx;Filtre AGP version 3.0 générique Microsoft pour plates-formes à base de processeur K8; C:\WINDOWS\System32\DRIVERS\gagp30kx.sys [2008-04-13 46464] R0 ohci1394;Contrôleur hôte compatible IEE 1394 VIA OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2008-11-20 43872] R0 viasraid;viasraid; C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 77312] R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584] R1 aswTdi;avast! 
Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672] R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-07-16 13056] R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-03-23 29440] R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-03-23 33536] R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888] R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176] R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887] R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868] R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711] R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751] R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032] R3 LVUSBSta;Logitech USB 
Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-03 6554496] R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-01-31 7104] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-01-31 912768] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576] R3 Tunx00;FunTV Video Capture; C:\WINDOWS\system32\DRIVERS\Tunx00.sys [2004-01-16 302720] R3 TxTuner;FunTV TV Tuner; C:\WINDOWS\system32\DRIVERS\TxTuner.sys [2004-01-16 26880] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056] R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-03-23 102016] S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167] S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-08-01 389135] S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS\system32\DRIVERS\enum1394.sys [2001-08-17 6400] S3 HPZid412;IEEE-1284.4 Driver HPZid412; 
C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744] S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471] S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880] S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016] S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632] S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616] S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512] S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648] S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 61600] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 9360] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; 
C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 97184] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 88688] S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18704] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 86560] S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 90800] S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536] S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360] S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088] S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624] S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704] S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432] S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800] S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\WINDOWS\System32\Drivers\SilvrLnk.sys [2004-01-28 21456] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb2vcom;USB Data Cable; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-02-19 29152] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; 
C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288] S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336] S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408] S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-03-23 880128] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-22 153376] R2 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812] R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136] R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R2 UPHClean;User Profile Hive Cleanup; C:\Program 
Files\UPHClean\uphclean.exe [2005-04-27 241725] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [] -----------------EOF----------------- info.txt logfile of random's system information tool 1.08 2010-09-24 21:33:00 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Shockwave Player 
11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" adsl TV-->C:\Program Files\adslTV\Uninstal.exe Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe" avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B} CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6} CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" ClearProg 1.5.0 Final-->C:\Program Files\ClearProg\Uninstall.exe Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0} EasyGPRS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56108448-9B38-4FF8-BE61-2ED13C19D0FE}\setup.exe" -l0x40c e-COMO-->"C:\Program Files\ColiPoste\eCOMO\uninstall.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97} ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9} ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619} ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567} EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Exifer-->"C:\Program Files\Exifer\unins000.exe" ffdshow-->"C:\WINDOWS\system32\uninstall.exe" Free - Kit de connexion-->C:\Program 
Files\Free.fr\uninstall.exe FreePack-->c:\Program Files\FreePack\Uninstal.exe Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1} GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5} Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HLPCCTR-->MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat 
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Java 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} jetAudio Basic VX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0xc0c -removeonly Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} jv16 PowerTools 2010-->"C:\Program Files\jv16 PowerTools 2010\Uninstall\uninstall.exe" "/U:C:\Program Files\jv16 PowerTools 2010\Uninstall\uninstall.xml" L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG Ma-Config.com-->MsiExec.exe /X{14E3D14B-7852-477D-ACE2-895AF4322804} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp" Microsoft .NET 
Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 
2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{CC1DB186-550F-3CFE-A2A9-EBA5E5A34BC1} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{820B6609-4C97-3A2B-B644-573B06A0F0CC} Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72} Mise à jour de sécurité pour Lecteur Windows Media (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 
(KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Mise à jour de sécurité 
pour Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.5.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe 
Thanks in advance for your help. See you later. -
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
Hello Thanos, thank you for your help. I am currently travelling and will be back on Friday. I will follow your advice and post the answer. Thanks again, and see you Friday. -
Malwarebytes finds a Trojan.
nividig replied to a topic by nividig in Malware analysis and removal
Just in case, I am posting a log: -
Hello everyone, for the past few days my PC has been sluggish; some programs seem to be running in slow motion, and every 5 minutes Avast shows me a "DC EXPLOIT" alert. This afternoon I ran a scan with Malwarebytes and it found: Trojan.Agent in: C:\Program Files\Ahead\ImageDrive\ImageDrive.cpl. Does anyone have any idea? Is my PC infected? How do I remove this Trojan? My protections are as follows: Antivirus: Avast; Firewall: Kerio SPF; Antimalware: Malwarebytes; Others: CCleaner, ClearProg. I have XP and I browse with Chrome. There, I think I have said everything. Thanks in advance for any replies. See you later.
-
Protection for a new laptop.
nividig replied to a topic by nividig in Security hardening, prevention
Hello, thank you "TICLOU" and "FICHE" for spending some time on my post. So I created a backup CD of Seven and made a ghost image on an external hard drive (very handy with Seven, by the way, since it offers this without downloading any specific software). Then I installed CCleaner, ClearProg, Avira and Malwarebytes, and for the firewall I kept the one built into Seven. If you have any other advice, don't hesitate. Have a nice day. -
Hello, I have just bought a PC (DELL Studio 15) for my daughter. It comes with Windows Seven. Right now I am making a GHOST image of it at first use, before installing any software. I then intend to download several (free) security programs for her. I would have liked your opinions on these programs:
- Antivirus: AVIRA
- Firewall: Sunbelt Personal Firewall
- Anti-malware: MALWAREBYTES
- System cleaning: CCleaner + Clearprog
- Defragmenter: Auslogics Disk Defrag
If you have any advice or different opinions, don't hesitate to advise me. Have a good weekend, everyone who reads this message.
-
my PC is lagging, very slow
nividig replied to a topic by azem13 in Malware analysis and removal
Handling error -
Hello, I have a small problem with my PC (HP EliteBook 6930p). I find that it takes longer and longer to start up, a "Windows Installer" window has been opening all the time for the past few days and, to top it all off, I no longer have the cursor from my pad that lets me navigate around a page. My antivirus is CA eTrust, my firewall: Sunbelt Personal Firewall, my anti-spyware: Malwarebytes, and I frequently use: CCleaner, Clearprog and ATF-Cleaner. I am posting a HijackThis log just in case, and I thank in advance everyone who spends a little time on this topic. Configuration: Windows Vista Internet Explorer 7.0
-
No longer able to use my anti-spyware tools! (Solved)
nividig replied to a topic by nividig in Malware analysis and removal
Well, thank you Apollo for giving me a serious hand. I downloaded Kerio as a firewall, I uninstalled Ad-Aware, and I will take care of Spybot on Friday (I work away from home all week). My PC no longer "lags" and my internet access speed is perfectly adequate! Thanks again, have a good week! See you, Nividig -
No longer able to use my anti-spyware tools! (Solved)
nividig replied to a topic by nividig in Malware analysis and removal
There, after more than two hours of scanning, there is no infection. Now I am installing Kerio and uninstalling Ad-Aware and Spybot. -
No longer able to use my anti-spyware tools! (Solved)
nividig replied to a topic by nividig in Malware analysis and removal
Thank you for your advice, which I will of course follow. At the moment I am still scanning with Kaspersky (71%) and I will post the report as soon as it finishes. So I am going to remove Ad-Aware and Spybot, but should I also remove CCleaner and Clearprog, which I usually run before shutting down my PC, perhaps in favour of ATF-Cleaner? -
No longer able to use my anti-spyware tools! (Solved)
nividig replied to a topic by nividig in Malware analysis and removal
Good evening again, here is the MBAM report. I am following your advice for the rest and will post a new message as soon as I have finished. See you later.
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1884
Windows 5.1.2600 Service Pack 3
22/03/2009 19:17:48
mbam-log-2009-03-22 (19-17-48).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 227937
Temps écoulé: 1 hour(s), 17 minute(s), 6 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-
No longer able to use my anti-spyware tools! (Solved)
nividig replied to a topic by nividig in Malware analysis and removal
Right, I have just finished with MBAM, so I am posting a new HijackThis log. Thanks, see you later. -
Can't use my anti-spyware tools any more! (Solved)
nividig replied to a topic by nividig in Malware analysis and removal
Good evening, Apollo. I am in the process of following your advice: I have uninstalled Bitdefender and replaced Avast with Antivir. I ran a scan with Antivir and I am posting the report here. Right, see you in a bit, I am continuing to follow your advice. -
Can't use my anti-spyware tools any more! (Solved)
nividig posted a topic in Malware analysis and removal
Hello, Since last weekend and an update to Windows XP SP3 (more than 30 hours of downloading!), I can no longer use either Spybot or Ad-Aware (error 1814?). I have also uninstalled ZoneAlarm, and on top of that my PC is extremely slow. I tried a system restore and it did nothing. A few details: I have Windows XP, my antivirus is Avast, for anti-spyware I use Ad-Aware and Spybot, and my firewall is ZoneAlarm. I regularly run CCleaner and Clearprog. I defragment with AusLogics Disk Defrag, and I use Firefox to access the internet. I thank in advance the forum members who will spend a little time on my topic, and I am posting a HijackThis report just in case. -
Hello, I would like to know whether it is possible to remove Windows Live Messenger from one of the four accounts I have on my PC, without uninstalling it for the other users. (I am the administrator of the PC.)
-
[AVI] "bulk" version burner
nividig replied to a topic by nividig in Hardware advice - Buying & Selling
Thanks for the clarification. See you -
[AVI] "bulk" version burner
nividig replied to a topic by nividig in Hardware advice - Buying & Selling
Gil-Galad and Guru Mediation, thank you for the speed and precision of your replies; I can now make my purchase with peace of mind! See you -
[AVI] "bulk" version burner
nividig replied to a topic by nividig in Hardware advice - Buying & Selling
The box, the screws and the cables don't matter, since I am replacing a dead burner. But isn't the software essential for the installation?