rossi_kawa

  1. Here is the TcpView report: I should point out that I am not connected through my own Box but through my parents-in-law's, in case that matters. I am going home tomorrow evening. I should also point out that I no longer have, or do not have, GoogleUpdate in my program list; I only have Google Earth and Google Chrome.
  2. To add to this, here is a screenshot from a few minutes ago, after half an hour of browsing, when I have only one IE page (a single tab) open: CJoint.com link AKgqjWCmve4 There were 4 iexplore.exe processes; one disappeared after a few minutes (it was using 100 000 K) but the others persist. Sometimes, when I click a link to open a page, two identical pages open. I know that what one reads on forum x or y sometimes has to be treated with caution, but I have read a few threads about one or more lop infections where some of the symptoms match (mainly two iexplore.exe processes for a single page). What should I make of this? Thanks, rossi_kawa
  3. Hello lance_yien, Sorry for the delay; the ESET Online Scanner analysis did indeed take a very long time (20 hours and 22 minutes...). As requested, I have:
     - uninstalled all the tools used
     - cleaned with CCleaner
     - scanned with PureRa
     - defragmented
     - scanned online with ESET Online Scanner, which found nothing; see the following link to the screenshot of the final screen: CJoint.com link AKgoC0D6kGZ
     However, I still have the same problems, namely:
     - two iexplore.exe processes that start for every IE page opened (I also noticed that when I close pages the processes do not necessarily stop; they all stop at the same time when I close the last IE page. Example here, 3 iexplore.exe processes open while only one IE page is open: CJoint.com link AKgoZyfxGx0)
     - fairly high memory usage (50% of physical memory used with 96 processes running and a single IE page open)
     - the memory used by one of the iexplore.exe processes keeps climbing steeply (100 000 K after 3 minutes on zebulon.fr, 9 000 K for the second iexplore.exe process)
     - svchost.exe processes galore
     - Avira, which stays "umbrella closed" and gives the impression of being disabled (CJoint.com link AKgoSssQZEq), with Guard running but WebGuard reported as disabled (CJoint.com link AKgoTnzqiQA) although the configuration options show it as enabled (CJoint.com link AKgoUhQGpgL)
     In short, a machine that seems shaky to me, whereas a few weeks ago it ran like clockwork. Without being able to say what it is, I therefore think something is abnormal. Could I have installed a program responsible for all this mess? My wife updated her Apple phone (but in a dedicated session); does that play a role? I noticed unusual processes such as GoogleUpdate.exe *32, which I had not noticed before, and I got an alert during an MBAM scan with GoogleChrome; could that play a role? Thanks in advance, rossi_kawa
  4. Good evening, Here is the requested report, and after the corrective pass with OTL and StartUpLite there is no change in the symptoms: still two iexplore.exe processes and 13 or 14 svchost.exe, plus a bit of slowdown. rossi_kawa
  5. Dear lance_yien, Here are the two links for the two OTL reports: - OTL report: CJoint.com link AKdpNr6lBDi - Extras report: CJoint.com link AKdpOgqjzMY rossi_kawa
  6. As requested, here is the TDSSKiller report and the one for aswMBR.
(a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 13:45:10.0371 8176 ql2300 - ok 13:45:10.0468 8176 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 13:45:10.0470 8176 ql40xx - ok 13:45:10.0580 8176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 13:45:10.0582 8176 QWAVEdrv - ok 13:45:10.0685 8176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 13:45:10.0687 8176 RasAcd - ok 13:45:10.0745 8176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:45:10.0747 8176 RasAgileVpn - ok 13:45:10.0853 8176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:45:10.0855 8176 Rasl2tp - ok 13:45:10.0992 8176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 13:45:10.0994 8176 RasPppoe - ok 13:45:11.0086 8176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 13:45:11.0088 8176 RasSstp - ok 13:45:11.0263 8176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 13:45:11.0266 8176 rdbss - ok 13:45:11.0350 8176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 13:45:11.0351 8176 rdpbus - ok 13:45:11.0465 8176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:45:11.0466 8176 RDPCDD - ok 13:45:11.0556 8176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 13:45:11.0556 8176 RDPENCDD - ok 13:45:11.0662 8176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 13:45:11.0663 8176 RDPREFMP - ok 13:45:11.0801 8176 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 13:45:11.0805 8176 RDPWD - ok 13:45:11.0926 8176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 13:45:11.0930 8176 rdyboost - ok 13:45:12.0068 8176 
RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 13:45:12.0071 8176 RFCOMM - ok 13:45:12.0211 8176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 13:45:12.0213 8176 rspndr - ok 13:45:12.0365 8176 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys 13:45:12.0369 8176 RSUSBSTOR - ok 13:45:12.0504 8176 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys 13:45:12.0509 8176 RTL8167 - ok 13:45:12.0671 8176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 13:45:12.0674 8176 sbp2port - ok 13:45:12.0812 8176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 13:45:12.0814 8176 scfilter - ok 13:45:12.0957 8176 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 13:45:12.0959 8176 sdbus - ok 13:45:13.0099 8176 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 13:45:13.0100 8176 secdrv - ok 13:45:13.0221 8176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 13:45:13.0222 8176 Serenum - ok 13:45:13.0329 8176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 13:45:13.0332 8176 Serial - ok 13:45:13.0425 8176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 13:45:13.0426 8176 sermouse - ok 13:45:13.0597 8176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 13:45:13.0598 8176 sffdisk - ok 13:45:13.0668 8176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 13:45:13.0670 8176 sffp_mmc - ok 13:45:13.0684 8176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 13:45:13.0686 8176 sffp_sd - ok 13:45:13.0738 8176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 13:45:13.0739 8176 sfloppy - ok 
13:45:13.0896 8176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:45:13.0898 8176 SiSRaid2 - ok 13:45:14.0006 8176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 13:45:14.0008 8176 SiSRaid4 - ok 13:45:14.0128 8176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 13:45:14.0130 8176 Smb - ok 13:45:14.0254 8176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 13:45:14.0255 8176 spldr - ok 13:45:14.0430 8176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 13:45:14.0437 8176 srv - ok 13:45:14.0598 8176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 13:45:14.0604 8176 srv2 - ok 13:45:14.0718 8176 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 13:45:14.0723 8176 SrvHsfHDA - ok 13:45:14.0859 8176 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 13:45:14.0894 8176 SrvHsfV92 - ok 13:45:15.0037 8176 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 13:45:15.0052 8176 SrvHsfWinac - ok 13:45:15.0188 8176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 13:45:15.0191 8176 srvnet - ok 13:45:15.0236 8176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 13:45:15.0238 8176 stexstor - ok 13:45:15.0324 8176 STHDA (936a4d05f7a790b8aab3b6be61651e0e) C:\Windows\system32\DRIVERS\stwrt64.sys 13:45:15.0332 8176 STHDA - ok 13:45:15.0472 8176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 13:45:15.0473 8176 swenum - ok 13:45:15.0583 8176 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys 13:45:15.0595 8176 SynTP - ok 13:45:15.0785 8176 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 13:45:15.0830 8176 Tcpip - ok 13:45:15.0974 8176 
TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 13:45:15.0989 8176 TCPIP6 - ok 13:45:16.0133 8176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 13:45:16.0135 8176 tcpipreg - ok 13:45:16.0182 8176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 13:45:16.0184 8176 TDPIPE - ok 13:45:16.0223 8176 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 13:45:16.0225 8176 TDTCP - ok 13:45:16.0374 8176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 13:45:16.0376 8176 tdx - ok 13:45:16.0470 8176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 13:45:16.0471 8176 TermDD - ok 13:45:16.0638 8176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:45:16.0639 8176 tssecsrv - ok 13:45:16.0797 8176 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 13:45:16.0799 8176 TsUsbFlt - ok 13:45:16.0954 8176 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 13:45:16.0957 8176 tunnel - ok 13:45:17.0058 8176 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 13:45:17.0060 8176 uagp35 - ok 13:45:17.0177 8176 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 13:45:17.0182 8176 udfs - ok 13:45:17.0345 8176 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 13:45:17.0347 8176 uliagpkx - ok 13:45:17.0495 8176 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 13:45:17.0497 8176 umbus - ok 13:45:17.0587 8176 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 13:45:17.0588 8176 UmPass - ok 13:45:17.0708 8176 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 13:45:17.0709 8176 USBAAPL64 - ok 13:45:17.0842 8176 usbccgp 
(6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 13:45:17.0844 8176 usbccgp - ok 13:45:17.0948 8176 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 13:45:17.0950 8176 usbcir - ok 13:45:18.0075 8176 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 13:45:18.0077 8176 usbehci - ok 13:45:18.0184 8176 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 13:45:18.0189 8176 usbhub - ok 13:45:18.0323 8176 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 13:45:18.0324 8176 usbohci - ok 13:45:18.0412 8176 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 13:45:18.0414 8176 usbprint - ok 13:45:18.0558 8176 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 13:45:18.0560 8176 usbscan - ok 13:45:18.0677 8176 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:45:18.0679 8176 USBSTOR - ok 13:45:18.0851 8176 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 13:45:18.0852 8176 usbuhci - ok 13:45:19.0003 8176 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 13:45:19.0006 8176 usbvideo - ok 13:45:19.0168 8176 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 13:45:19.0169 8176 vdrvroot - ok 13:45:19.0274 8176 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 13:45:19.0275 8176 vga - ok 13:45:19.0388 8176 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 13:45:19.0389 8176 VgaSave - ok 13:45:19.0546 8176 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 13:45:19.0550 8176 vhdmp - ok 13:45:19.0662 8176 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 13:45:19.0663 8176 viaide - ok 13:45:19.0757 8176 volmgr 
(d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 13:45:19.0758 8176 volmgr - ok 13:45:19.0846 8176 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 13:45:19.0849 8176 volmgrx - ok 13:45:19.0952 8176 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 13:45:19.0955 8176 volsnap - ok 13:45:19.0991 8176 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 13:45:19.0993 8176 vsmraid - ok 13:45:20.0058 8176 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 13:45:20.0059 8176 vwifibus - ok 13:45:20.0189 8176 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 13:45:20.0190 8176 vwififlt - ok 13:45:20.0295 8176 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 13:45:20.0296 8176 WacomPen - ok 13:45:20.0380 8176 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 13:45:20.0382 8176 WANARP - ok 13:45:20.0409 8176 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 13:45:20.0410 8176 Wanarpv6 - ok 13:45:20.0549 8176 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 13:45:20.0551 8176 Wd - ok 13:45:20.0659 8176 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 13:45:20.0668 8176 Wdf01000 - ok 13:45:20.0807 8176 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 13:45:20.0808 8176 WfpLwf - ok 13:45:20.0900 8176 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 13:45:20.0901 8176 WIMMount - ok 13:45:21.0078 8176 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 13:45:21.0079 8176 WinUSB - ok 13:45:21.0233 8176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 13:45:21.0234 8176 WmiAcpi - ok 13:45:21.0347 8176 ws2ifsl 
13:45:21.0823 8176 MBR (0x1B8) (9ca81eba081b9a7753854dbfaa6cadb3) \Device\Harddisk0\DR0
13:45:21.0827 8176 \Device\Harddisk0\DR0 - ok
13:45:21.0833 8176 Boot (0x1200) (d161b6c05ec83710d0919055b5572c6c) \Device\Harddisk0\DR0\Partition0
13:45:21.0834 8176 \Device\Harddisk0\DR0\Partition0 - ok
13:45:21.0841 8176 Boot (0x1200) (3cead8562038e3f8e60046a5df4467b1) \Device\Harddisk0\DR0\Partition1
13:45:21.0842 8176 \Device\Harddisk0\DR0\Partition1 - ok
13:45:21.0875 8176 Boot (0x1200) (e95668d60ea8436e40a252d0a6210e0c) \Device\Harddisk0\DR0\Partition2
13:45:21.0877 8176 \Device\Harddisk0\DR0\Partition2 - ok
13:45:21.0895 8176 Boot (0x1200) (b3a62a497e8c4e159ffe134c1bac0f13) \Device\Harddisk0\DR0\Partition3
13:45:21.0895 8176 \Device\Harddisk0\DR0\Partition3 - ok
13:45:21.0897 8176 ============================================================
13:45:21.0898 8176 Scan finished
13:45:21.0898 8176 ============================================================
13:45:21.0915 5372 Detected object count: 0
13:45:21.0915 5372 Actual detected object count: 0
13:46:27.0670 6876 Deinitialize success

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-03 13:46:33
-----------------------------
13:46:33.501 OS Version: Windows x64 6.1.7601 Service Pack 1
13:46:33.501 Number of processors: 4 586 0x2502
13:46:33.502 ComputerName: MARTIAL-PC UserName: MARTIAL
13:46:34.380 Initialize success
13:46:50.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:46:50.157 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
13:46:50.197 Disk 0 MBR read successfully
13:46:50.201 Disk 0 MBR scan
13:46:50.204 Disk 0 unknown MBR code
13:46:50.209 Service scanning
13:46:51.799 Modules scanning
13:46:51.804 Disk 0 trace - called modules:
13:46:51.853 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
13:46:51.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005224060]
13:46:51.865 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80050b0b10]
13:46:51.870 5 hpdskflt.sys[fffff88001b80289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fa2050]
13:46:51.876 Scan finished successfully
13:47:09.441 Disk 0 MBR has been saved successfully to "C:\Users\MARTIAL\Desktop\MBR.dat"
13:47:09.446 The log file has been saved successfully to "C:\Users\MARTIAL\Desktop\aswMBR.txt"
  7. Hello lance_yien,

I am sorry for this ill-timed initiative; I did not think it would have consequences for the disinfection procedure. From now on I will only do what you tell me to.

Here is the ZHPFix report, run on its own; it did not make the machine restart after it ran. No changes observed on the machine, still the same symptoms (but no broken shortcuts like yesterday).

Thank you
rossi_kawa

Rapport de ZHPFix 1.12.3366 par Nicolas Coolman, Update du 26/10/2011
Fichier d'export Registre :
Run by MARTIAL at 03/11/2011 12:52:20
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Web site : ZHPFix Fix de rapport

========== Logiciel(s) ==========
ABSENT Software Key: WT082141
ABSENT Software Key: My HP Game Console
ABSENT Software Key: WT082414
ABSENT Software Key: WT082172
ABSENT Software Key: WT082427
ABSENT Software Key: {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1

========== Clé(s) du Registre ==========
ABSENT Key: Service: Bonjour Service
ABSENT Key: HKLM\Software\BrowserChoice

========== Valeur(s) du Registre ==========
ABSENT {A4382742-318F-4884-B198-4A8D7DA82240}
ABSENT {5830EBFA-BDB5-4937-8165-ED101B72F8AC}
ABSENT {B68960C1-08EC-40D9-9CBE-3F6A72F2A12C}
ABSENT {54181257-793E-4605-A779-80A994C3422E}
ABSENT Value Key: NoActiveDesktopChanges
ABSENT MWPS Value: EnableUIADesktopToggle
ABSENT MWPS Value: FilterAdministratorToken
ABSENT MWPE Value: NoActiveDesktop
ABSENT MWPE Value: NoActiveDesktopChanges
ABSENT RunValue: Adobe Reader Speed Launcher
ABSENT RunValue: QuickTime Task
ABSENT RunValue: iTunesHelper

========== Elément(s) de donnée du Registre ==========
SUPPRIME R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy

========== Dossier(s) ==========
ABSENT C:\ProgramData\Spybot - Search & Destroy
ABSENT C:\Program Files (x86)\Spybot - Search & Destroy
SUPPRIME Temporaires Windows: : 79
SUPPRIME Flash Cookies: 7

========== Fichier(s) ==========
ABSENT File: c:\users\martial\desktop\spybot - search & destroy.lnk
ABSENT File: c:\program files (x86)\spybot - search & destroy\spybotsd.exe
ABSENT File: c:\users\martial\appdata\roaming\microsoft\internet explorer\quick launch\jouer à hp games.lnk
ABSENT File: c:\users\martial\appdata\roaming\microsoft\internet explorer\quick launch\spybot - search & destroy.lnk
SUPPRIME Temporaires Windows: : 197
SUPPRIME Flash Cookies: 5

========== Récapitulatif ==========
2 : Clé(s) du Registre
12 : Valeur(s) du Registre
1 : Elément(s) de donnée du Registre
96 : Dossier(s)
6 : Fichier(s)
6 : Logiciel(s)

End of clean in 00mn 00s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 02/11/2011 19:46:58 [10658]
C:\ZHP\ZHPFix[R2].txt - 03/11/2011 12:52:20 [9541]
  8. Good evening lance_yien,

Sorry for the time it took me to reply, things have been a bit busy lately.

On the machine itself, I still have two processes that open every time I open IE (iexplore.exe), with the second one growing, as before. I have fewer processes in total (67) but still 13 svchost.exe.

The IE shortcut on my desktop no longer works since I used ComboFix; it shows an error with the following message:

C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression.

I can only click OK in this window and nothing opens. However, the link works when I right-click and choose "run as administrator". I tested all the shortcuts on my Desktop and it is the same thing, the same error message with all of them, in particular for the text files containing the reports of the tools used. It is the same when I try to go into the control panel and access certain things, such as user accounts or configuring advanced user profile properties (registry key concerned: rundll32.exe). So I have this problem across the board.

When in doubt, I restarted with the last known good configuration; all the shortcuts are usable again, but I once again have between 90 and 100 processes running, still the double iexplore.exe process and 14 svchost.exe processes. I hope I did not take a bad initiative.

Because of this, so that you still have access to the requested reports, which I could not open because of this error, I had the idea of using cjoint.com again, so here are the links:

ZHPFix report: CJoint.com link AKcvw3EP8MP
ComboFix report: CJoint.com link AKcvAdsQzeD
SecurityCheck report: CJoint.com link AKcvBa18JT7

One last small detail: Antivir tells me that protection is active, but not Webguard, and the umbrella icon stays closed.

Thank you
rossi_kawa
  9. Hello lance_yien,

Thank you for looking into my problem. Here is the link for the ZHPDiag report, as requested: CJoint.com link AJFv4LlliZS

I await your next instructions.

rossi_kawa
  10. Hello everyone,

Having already been successfully helped by the members of this forum with another machine, I am coming back to you with a problem that I believe is an infection.

The machine dates from December 2010 and runs Windows 7 Home edition with an i5 2.27 GHz processor and 4 GB of RAM, with the Windows firewall enabled and Antivir updated regularly (automatically), as is the system.

Everything worked perfectly until some time ago, when I began to notice some "slowness" (I am a former computer salesman and I sometimes gave the technician a hand, but I know hardware better than software) in IE, particularly on Facebook or other sites that are somewhat resource-"hungry". I also sometimes get popups.

After looking into the matter in more detail, I see that I have quite a few svchost.exe running (14 or 15), that the number of processes is fairly high (but maybe that is normal???) and that (this I do not think is normal) every time I open IE, two IE processes start, one corresponding to my activity and the other being a "ghost" of about 30,000K at first, which grows very quickly until it slows the system down. On top of that, I see that even with a single page open, physical memory usage is always above 40-45%.

The Bitdefender online scanner on the site did not work (unresolved ActiveX problem). I ran Antivir, Spybot and MBAM in normal mode and in safe mode: nothing in normal mode; in safe mode only MBAM found a Trojan:

"Fichier(s) infecté(s): c:\Windows\sttray64.exe (Trojan.Agent) -> Quarantined and deleted successfully."

and it apparently fixed the problem, but the issue still persists.

I have attached a HijackThis log taken in normal mode.

Thank you in advance for your kind help.
rossi_kawa
  11. Hello Pear, I carried out all the steps indicated without any particular problems to report, but I still get a 404 error for the MBAM link you gave me in your message of the morning of 21 July (to be saved under the name bitruc.com). Here is the KVRT report, clean as far as I can tell. What more can we do??? See you soon Autoscan: completed 8 hours ago (events: 2, objects: 344823, time: 03:26:29) 23/07/2010 21:48:23 Task started 24/07/2010 01:14:53 Task completed
  12. Good evening Pear, As requested, here are the two reports, OTM and Gmer. See you soon
.text C:\WINDOWS\system32\svchost.exe[316] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Java\jre6\bin\jqs.exe[340] 
USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00030004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0003011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0003057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0003034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00030464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00030608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] 
USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00030720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00030F54 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00030FE0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00030D24 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00030DB0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00030E3C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[360] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00030EC8 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] 
kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[380] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234 .text C:\Program 
Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00140464 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001407AC .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00140720 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001408C4 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00140838 .text C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe[436] WS2_32.dll!connect 719F406A 5 Bytes JMP 00140950 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 
00080694 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\taskmgr.exe[452] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\taskmgr.exe[452] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\taskmgr.exe[452] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\taskmgr.exe[452] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\taskmgr.exe[452] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\taskmgr.exe[452] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateProcessA 7C802367 5 
Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[464] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[464] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[464] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[464] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[464] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] 
kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00140464 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001407AC .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00140720 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00140F54 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00140FE0 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00140D24 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00140DB0 .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00140E3C .text C:\Program Files\OrangeHSS\Deskboard\deskboard.exe[504] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00140EC8 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text 
C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[516] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[516] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[516] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[516] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[516] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[516] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] 
kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00140464 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608 .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001407AC .text C:\Program Files\OrangeHSS\systray\systrayapp.exe[564] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00140720 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!CreateProcessA 7C802367 5 
Bytes JMP 00130234 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\RegSrvc.exe[596] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\RegSrvc.exe[596] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\RegSrvc.exe[596] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00160004 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0016011C .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001604F0 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!CreateThread 7C810647 5 Bytes JMP 0016057C .text C:\WINDOWS\system32\csrss.exe[624] 
KERNEL32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001603D8 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0016034C .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!WinExec 7C86158D 5 Bytes JMP 00160464 .text C:\WINDOWS\system32\csrss.exe[624] KERNEL32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00160608 .text C:\WINDOWS\system32\csrss.exe[624] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001607AC .text C:\WINDOWS\system32\csrss.exe[624] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00160720 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\winlogon.exe[652] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes 
JMP 000707AC .text C:\WINDOWS\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\winlogon.exe[652] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4 .text C:\WINDOWS\system32\winlogon.exe[652] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838 .text C:\WINDOWS\system32\winlogon.exe[652] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\services.exe[696] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\services.exe[696] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\services.exe[696] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\lsass.exe[708] 
communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Fichiers communs\Apple\Mobile Device 
Support\AppleMobileDeviceService.exe[1984] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1984] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] 
kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Bonjour\mDNSResponder.exe[1996] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 
0013034C .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe[2020] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] 
kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WININET.dll!InternetConnectA 404BB0D2 5 Bytes JMP 00130F54 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WININET.dll!InternetConnectW 404BC2C0 5 Bytes JMP 00130FE0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WININET.dll!InternetOpenA 404C3081 5 Bytes JMP 00130D24 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WININET.dll!InternetOpenW 404C36B1 5 Bytes JMP 00130DB0 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WININET.dll!InternetOpenUrlA 404C6F5A 5 Bytes JMP 00130E3C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WININET.dll!InternetOpenUrlW 40508439 5 Bytes JMP 00130EC8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2044] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text 
C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2088] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text 
C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\alg.exe[2156] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\alg.exe[2156] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\alg.exe[2156] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\alg.exe[2156] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\alg.exe[2156] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\alg.exe[2156] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] 
kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2220] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\1XConfig.exe[2480] 
kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\1XConfig.exe[2480] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\1XConfig.exe[2480] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\1XConfig.exe[2480] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\1XConfig.exe[2480] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\WINDOWS\system32\1XConfig.exe[2480] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\WINDOWS\system32\1XConfig.exe[2480] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Sunbelt Software\Personal 
Firewall\kpf4gui.exe[2668] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2668] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234 .text C:\Program 
Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00140464 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608 .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001407AC .text C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe[2692] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00140720 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0 
.text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00140004 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0014011C .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001404F0 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0014057C .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001403D8 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0014034C .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00140464 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00140608 .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 001407AC .text C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[2704] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00140720 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\Program Files\Microsoft\Office 
Live\OfficeLiveSignIn.exe[2784] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 000807AC .text C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe[2784] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[2860] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[2860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[2860] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text 
---- EOF - GMER 1.0.15 ----
  13. Hello Pear, tools run, but one small thing: - 404 error on the MBAM link page, I went and fetched another one, from clubic, hoping that it's fine. Here are the reports

      19:53:35:156 0704 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
      19:53:35:156 0704 ================================================================================
      19:53:35:156 0704 SystemInfo:
      19:53:35:156 0704 OS Version: 5.1.2600 ServicePack: 2.0
      19:53:35:156 0704 Product type: Workstation
      19:53:35:156 0704 ComputerName: MARTIAL
      19:53:35:156 0704 UserName: MARTIAL
      19:53:35:156 0704 Windows directory: C:\WINDOWS
      19:53:35:156 0704 System windows directory: C:\WINDOWS
      19:53:35:156 0704 Processor architecture: Intel x86
      19:53:35:156 0704 Number of processors: 1
      19:53:35:156 0704 Page size: 0x1000
      19:53:35:156 0704 Boot type: Normal boot
      19:53:35:156 0704 ================================================================================
      19:53:35:609 0704 Initialize success
      19:53:35:609 0704
      19:53:35:609 0704 Scanning Services ...
      19:53:36:187 0704 Raw services enum returned 409 services
      19:53:36:203 0704
      19:53:36:203 0704 Scanning Drivers ...
(29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys 19:53:43:937 0704 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 19:53:43:984 0704 s24trans (49b4b6a0f04ef8578e9a3f2915a84ac9) C:\WINDOWS\system32\DRIVERS\s24trans.sys 19:53:44:046 0704 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys 19:53:44:109 0704 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:53:44:156 0704 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\drivers\Serial.sys 19:53:44:187 0704 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 19:53:44:281 0704 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 19:53:44:328 0704 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys 19:53:44:421 0704 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 19:53:44:468 0704 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys 19:53:44:578 0704 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 19:53:44:593 0704 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys 19:53:44:640 0704 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 19:53:44:703 0704 SrvcEKIOMngr (3b01a9316255cdd17f9c8e79aa573406) C:\WINDOWS\system32\Drivers\EKIoMngr.sys 19:53:44:734 0704 SrvcEPECioctl (b8b410a6cc3e65799135b8e92288d37d) C:\WINDOWS\system32\Drivers\ECioctl.sys 19:53:44:734 0704 SrvcEPIOMngr (c996c839a3261cab5409c61e5702b620) C:\WINDOWS\system32\Drivers\EPIoMngr.sys 19:53:44:750 0704 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys 19:53:44:765 0704 SrvcTPIOMngr (cbc0be9758bace83fc9ac25f4cca20e7) C:\WINDOWS\system32\Drivers\TPIoMngr.sys 19:53:44:796 0704 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 
19:53:44:828 0704 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:53:44:843 0704 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 19:53:44:890 0704 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 19:53:44:921 0704 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 19:53:44:953 0704 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 19:53:45:031 0704 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 19:53:45:078 0704 Tcpip (1cc09561e21a48a7f649a40f18235860) C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:53:45:125 0704 Tcpip6 (be4007ab8c9b62e3688fc2f469b98190) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 19:53:45:187 0704 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 19:53:45:234 0704 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 19:53:45:250 0704 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 19:53:45:296 0704 tfsnboio (12534d6993893ece8ccb6e141eca167b) C:\WINDOWS\system32\dla\tfsnboio.sys 19:53:45:343 0704 tfsncofs (2b9b9da9b1d6d29aadd6e25a22c4d07f) C:\WINDOWS\system32\dla\tfsncofs.sys 19:53:45:359 0704 tfsndrct (284b4f17ad218b1709831252734e0092) C:\WINDOWS\system32\dla\tfsndrct.sys 19:53:45:390 0704 tfsndres (9ece1730d57bb1b027d37daab3762d9d) C:\WINDOWS\system32\dla\tfsndres.sys 19:53:45:406 0704 tfsnifs (8965155985656f130909d9be37d6e8c2) C:\WINDOWS\system32\dla\tfsnifs.sys 19:53:45:421 0704 tfsnopio (7187844d442b3b983bab0f98087aa276) C:\WINDOWS\system32\dla\tfsnopio.sys 19:53:45:437 0704 tfsnpool (7a82f090a98d692573334f956a9826cc) C:\WINDOWS\system32\dla\tfsnpool.sys 19:53:45:437 0704 tfsnudf (9ba9cbc21414475e488af0dab74ed9bd) C:\WINDOWS\system32\dla\tfsnudf.sys 19:53:45:468 0704 tfsnudfa (21246b5aa05afe2861a0e30c018c79f6) C:\WINDOWS\system32\dla\tfsnudfa.sys 19:53:45:515 0704 
tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys 19:53:45:562 0704 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS 19:53:45:609 0704 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 19:53:45:687 0704 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys 19:53:45:765 0704 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 19:53:45:796 0704 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys 19:53:45:843 0704 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:53:45:859 0704 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:53:45:875 0704 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:53:45:921 0704 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 19:53:45:968 0704 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 19:53:46:000 0704 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:53:46:015 0704 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:53:46:031 0704 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 19:53:46:062 0704 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys 19:53:46:265 0704 w22n51 (5bc494442773035da902ab30cdca11e7) C:\WINDOWS\system32\DRIVERS\w22n51.sys 19:53:46:375 0704 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:53:46:406 0704 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 19:53:46:484 0704 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 19:53:46:562 0704 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 19:53:46:609 
0704 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:53:46:656 0704 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
19:53:46:671 0704
19:53:46:671 0704 Completed
19:53:46:671 0704
19:53:46:671 0704 Results:
19:53:46:671 0704 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:53:46:671 0704 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:53:46:671 0704
19:53:46:671 0704 KLMD(ARK) unloaded successfully
_________________________
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as MARTIAL on 21/07/2010 at 19:57:23.
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\MARTIAL\Bureau\rkill.com
Rkill completed on 21/07/2010 at 19:57:32.
___________________
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4336
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
22/07/2010 02:58:48
mbam-log-2010-07-22 (02-58-48).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)
Elément(s) analysé(s): 261122
Temps écoulé: 6 heure(s), 38 minute(s), 27 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  14. Good evening Pear, As requested, here is (as a copy-paste, since no .log file was created) the report from Kaspersky Virus Removal Tool 2010: See you soon.
      Autoscan: completed 4 minutes ago (events: 9, objects: 340053, time: 01:23:23)
      20/07/2010 19:46:21 Task started
      20/07/2010 21:21:29 Detected: HEUR:Trojan.Win32.StartPage C:\Program Files\eChanblard\config\updater.exe
      20/07/2010 21:51:19 Detected: HEUR:Trojan.Win32.StartPage C:\System Volume Information\_restore{3B0B07F2-42FE-4807-B606-4B97DC04CDF5}\RP442\A0614269.exe
      20/07/2010 22:34:56 Detected: Rootkit.Win32.TDSS.d Unknown application
      20/07/2010 22:34:56 Cannot be backed up: Rootkit.Win32.TDSS.d Unknown application
      20/07/2010 22:38:30 Detected: Rootkit.Win32.TDSS.d System Memory
      20/07/2010 22:47:09 Task stopped
      20/07/2010 22:58:10 Task started
      21/07/2010 00:21:33 Task completed
      Disinfect active threats: completed 1 hour ago (events: 7, objects: 4434, time: 00:02:43)
      20/07/2010 22:47:08 Task started
      20/07/2010 22:47:09 Detected: Rootkit.Win32.TDSS.d System Memory
      20/07/2010 22:47:19 Disinfected: Rootkit.Win32.TDSS.d System Memory
      20/07/2010 22:47:19 Disinfected: Rootkit.Win32.TDSS.d System Memory
      20/07/2010 22:48:15 Detected: Rootkit.Win32.TDSS.d Unknown application
      20/07/2010 22:48:15 Cannot be backed up: Rootkit.Win32.TDSS.d Unknown application
      20/07/2010 22:49:51 Task completed
  15. Hi Pear, Instructions followed, but for what it's worth, I noticed 1) that I still had no access to the Kaspersky online scan: the ActiveX control refuses to install, it gets stuck; 2) I cannot check the status of my Windows updates: when I click the Windows Update link, it tells me that it cannot reach the site (not connected, site unavailable....). I had forgotten to mention that, while reading the various topics, I found the name of the piece of junk posing as an anti-spyware/malware tool: it is Antimalware Doctor... apparently known for its harmful effects. Note also that I get a debugging error that appears from time to time: it shows me a window, "debug at.... something", which points to a script error, a window that in the end only disappears after clicking Cancel 50 times.... See you later