diaph16

************************* Rustock.b-fix -- By ejvindh ************************* 05/04/2007 20:32:49,04 No Rustock.b-rootkits found ******************************* End of Logfile ********************************

Il m'a mit une fenêtre et je pouvait cliquer sur OK c'est tout Voilà le log antivir AntiVir PersonalEdition Classic Report file date: jeudi 5 avril 2007 14:08 Scanning for 725682 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: MERAHI Youcef Computer name: HCA-4UOSTV9DEMJ Version information: BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00 AVSCAN.EXE : 7.0.3.5 208936 Bytes 05/04/2007 12:58:40 AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 16:00:22 LUKE.DLL : 7.0.3.2 143400 Bytes 31/10/2006 16:07:46 LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 16:00:22 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 15:30:06 ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 12:58:43 ANTIVIR2.VDF : 6.38.0.154 498176 Bytes 01/04/2007 12:58:43 ANTIVIR3.VDF : 6.38.0.182 108544 Bytes 05/04/2007 12:58:43 AVEWIN32.DLL : 7.3.1.48 2388480 Bytes 05/04/2007 12:58:45 AVPREF.DLL : 7.0.2.0 23592 Bytes 03/11/2006 10:53:44 AVREP.DLL : 6.38.0.90 1204264 Bytes 05/04/2007 12:58:43 AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 08:43:31 AVPACK32.DLL : 7.3.0.8 360488 Bytes 05/04/2007 12:58:45 AVREG.DLL : 7.0.1.2 30760 Bytes 05/04/2007 12:58:40 NETNT.DLL : No Information! RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 12:26:26 RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 16:00:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 5 avril 2007 14:08 The scan of running processes will be started Scan process 'avscan.exe' - '1' Modules have been scanned Scan process 'avcenter.exe' - '1' Modules have been scanned Scan process 'explorer.exe' - '1' Modules have been scanned Scan process 'svchost.exe' - '1' Modules have been scanned Scan process 'svchost.exe' - '1' Modules have been scanned Scan process 'svchost.exe' - '1' Modules have been scanned Scan process 'lsass.exe' - '1' Modules have been scanned Scan process 'services.exe' - '1' Modules have been scanned Scan process 'winlogon.exe' - '1' Modules have been scanned Scan process 'csrss.exe' - '1' Modules have been scanned Scan process 'smss.exe' - '1' Modules have been scanned 11 processes with 11 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( 16 files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\huy32.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [iNFO] The file was moved to '468e0dfc.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd8013.sys [WARNING] The file could not be opened! Begin scan in 'E:\' <CAMILLOU> E:\autorun.inf [DETECTION] Contains signature of the VBS script virus VBS/IETitle.A [iNFO] The file was deleted! E:\MS32DLL.dll.vbs [DETECTION] Contains signature of the VBS script virus VBS/IETitle.C [iNFO] The file was deleted! End of the scan: jeudi 5 avril 2007 16:04 Used time: 1:55:49 min The scan has been done completely. 7415 Scanning directories 264806 Files were scanned 3 viruses and/or unwanted programs were found 2 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 264803 Files not concerned 2826 Archives were scanned 3 Warnings 1 Notes

J'ai eu un message d'erreur me disant gmer doit fermer et je crois que gmer a trouvé un rootkit, voilà le rapport GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-05 20:11:57 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile ---- Kernel code sections - GMER 1.0.12 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ? C:\WINDOWS\System32\Drivers\SPTD8013.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. PAGENDSM NDIS.sys!NdisMIndicateStatus F73DDA5F 6 Bytes JMP F2890C5E \SystemRoot\system32\drivers\fwdrv.sys ---- User code sections - GMER 1.0.12 ---- .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[320] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[372] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\HPConfig.exe[528] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\HPConfig.exe[528] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\HPConfig.exe[528] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\HPQ\One-Touch\ONETOUCH.EXE[536] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00030720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00030838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WS2_32.dll!connect 719F406A 5 Bytes JMP 00030950 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00030F54 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00030FE0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00030D24 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00030DB0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00030E3C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[544] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00030EC8 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[556] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] user32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Spyware Terminator\sp_rsser.exe[800] user32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464 .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608 .text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001607AC .text C:\WINDOWS\system32\csrss.exe[812] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00160720 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[856] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\UStorSrv.exe[968] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\UStorSrv.exe[968] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\UStorSrv.exe[968] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\UStorSrv.exe[968] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\WINDOWS\system32\UStorSrv.exe[968] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\WINDOWS\system32\UStorSrv.exe[968] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\winlogon.exe[1024] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000708C4 .text C:\WINDOWS\system32\winlogon.exe[1024] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00070838 .text C:\WINDOWS\system32\winlogon.exe[1024] WS2_32.dll!connect 719F406A 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\services.exe[1072] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\lsass.exe[1084] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\BCMWLTRY.EXE[1132] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\WLTRYSVC.EXE[1180] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\MsPMSPSv.exe[1244] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1480] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\QuickTime\qttask.exe[1680] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\QuickTime\qttask.exe[1680] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\QuickTime\qttask.exe[1680] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C .text C:\Program Files\iTunes\iTunesHelper.exe[1916] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8 .text C:\Program Files\iTunes\iTunesHelper.exe[1916] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\iTunes\iTunesHelper.exe[1916] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\explorer.exe[1956] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\explorer.exe[1956] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\explorer.exe[1956] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\explorer.exe[1956] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\explorer.exe[1956] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\explorer.exe[1956] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\explorer.exe[1956] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\spoolsv.exe[2012] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\spoolsv.exe[2012] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\spoolsv.exe[2012] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] user32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] user32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0 .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C .text C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe[2080] wininet.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\ctfmon.exe[2164] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\ctfmon.exe[2164] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\ctfmon.exe[2164] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\iPod\bin\iPodService.exe[2240] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\iPod\bin\iPodService.exe[2240] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\iPod\bin\iPodService.exe[2240] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\DSLMON.exe[2332] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2448] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Documents and Settings\MERAHI Youcef\Bureau\gmer.exe[2524] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3024] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[3088] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] WS2_32.dll!socket 719F3B91 5 Bytes JMP 001308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00130838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[3156] WS2_32.dll!connect 719F406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\alg.exe[3200] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\alg.exe[3200] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\alg.exe[3200] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\alg.exe[3200] WS2_32.dll!socket 719F3B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\alg.exe[3200] WS2_32.dll!bind 719F3E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\alg.exe[3200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00080950 ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 853951D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 853951D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_CREATE 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_CLOSE 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_DEVICE_CONTROL 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_INTERNAL_DEVICE_CONTROL 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_CLEANUP 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{2DBAE2A9-9F9B-4406-BE80-29216AC9291B} IRP_MJ_PNP 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_CREATE 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_CLOSE 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_DEVICE_CONTROL 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_INTERNAL_DEVICE_CONTROL 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_CLEANUP 84B22B20 Device \Driver\NetBT \Device\NetBT_Tcpip_{CC507705-DEBF-4D9C-AAA2-29BE124D6B91} IRP_MJ_PNP 84B22B20 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 85395980 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 85395980 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE_NAMED_PIPE 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CLOSE 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_READ 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_WRITE 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_INFORMATION 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_INFORMATION 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_EA 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_EA 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_FLUSH_BUFFERS 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_VOLUME_INFORMATION 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_VOLUME_INFORMATION 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DIRECTORY_CONTROL 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_FILE_SYSTEM_CONTROL 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DEVICE_CONTROL 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_INTERNAL_DEVICE_CONTROL 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SHUTDOWN 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_LOCK_CONTROL 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CLEANUP 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_CREATE_MAILSLOT 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_SECURITY 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_SECURITY 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_POWER 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SYSTEM_CONTROL 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_DEVICE_CHANGE 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_QUERY_QUOTA 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_SET_QUOTA 84B476F0 Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_PNP 84B476F0 Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1D93BB0 Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1D93BB0 Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1D93BB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 85395C38 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 85395C38 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 850C0B40 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 850C0B40 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 85242A78 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 85242A78 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B976C1] prosync1.sys Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B976C1] prosync1.sys Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B976C1] prosync1.sys Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B976C1] prosync1.sys Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E1B78EA0 Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E1B78EA0 Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E1B78EA0 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 84B22B20 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 84B22B20 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 84B22B20 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 84B22B20 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 84B22B20 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 84B22B20 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 84B22B20 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 84B22B20 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 84B22B20 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 84B22B20 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 84B22B20 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 84B22B20 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 85395410 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 85395410 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 850F6298 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 850F6298 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 850F6298 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 84B47DA8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 84B47DA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 85395C38 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 85395C38 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 84D8E5A0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 84D8E5A0 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE_NAMED_PIPE 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CLOSE 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_READ 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_WRITE 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_INFORMATION 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_INFORMATION 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_EA 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_EA 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_FLUSH_BUFFERS 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_VOLUME_INFORMATION 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_VOLUME_INFORMATION 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DIRECTORY_CONTROL 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_FILE_SYSTEM_CONTROL 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DEVICE_CONTROL 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_INTERNAL_DEVICE_CONTROL 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SHUTDOWN 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_LOCK_CONTROL 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CLEANUP 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_CREATE_MAILSLOT 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_SECURITY 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_SECURITY 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_POWER 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SYSTEM_CONTROL 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_DEVICE_CHANGE 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_QUERY_QUOTA 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_SET_QUOTA 84EC7B58 Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_PNP 84EC7B58 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 84A8A1E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 84A8A1E8 Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible F15ABBCE ---- Modules - GMER 1.0.12 ---- Module (noname) (*** hidden *** ) F7BB9000 ---- EOF - GMER 1.0.12 ----

impossible de faire des scans online. Sur la page IE j'ai erreur sur la page en bas à gauche

Désolé voilà le bon rapport C:\WINDOWS\System32/drivers\sp_rsdrv2.sys -->05/04/2007 16:47:10 C:\WINDOWS\System32/drivers\fwdrv.err -->05/04/2007 14:01:15 C:\WINDOWS\System32/drivers\adidsl.cfg -->26/03/2007 22:06:22 C:\WINDOWS\System32/drivers\tmcomm.sys -->19/03/2007 21:17:41 C:\WINDOWS\System32/drivers\sptd8013.sys -->24/02/2007 23:04:38 C:\WINDOWS\System32/drivers\khips.sys -->20/02/2007 13:34:08 C:\WINDOWS\System32/drivers\fwdrv.sys -->20/02/2007 13:34:02 C:\WINDOWS\System32\wpa.dbl -->04/04/2007 11:26:30 C:\WINDOWS\System32\Uninstall.ico -->08/03/2007 17:00:29 C:\WINDOWS\System32\Help.ico -->08/03/2007 17:00:28 C:\WINDOWS\System32\CONFIG.NT -->07/03/2007 13:52:54 C:\WINDOWS\System32\MRT.exe -->07/03/2007 12:36:34 C:\WINDOWS\System32\FNTCACHE.DAT -->27/02/2007 05:26:40 C:\WINDOWS\System32\PerfStringBackup.INI -->26/02/2007 20:07:33 C:\WINDOWS\System32\perfh00C.dat -->26/02/2007 20:07:33 C:\WINDOWS\System32\perfh009.dat -->26/02/2007 20:07:33 C:\WINDOWS\System32\perfc00C.dat -->26/02/2007 20:07:33 C:\WINDOWS\System32\perfc009.dat -->26/02/2007 20:07:33 C:\WINDOWS\System32\nscompat.tlb -->26/02/2007 17:54:26 C:\WINDOWS\System32\amcompat.tlb -->26/02/2007 17:54:26 C:\WINDOWS\System32\TZLog.log -->25/02/2007 07:07:41 C:\WINDOWS\System32\spupdwxp.log -->24/02/2007 23:11:16 C:\WINDOWS\System32\QuickTimeVR.qtx -->16/02/2007 10:54:08 C:\WINDOWS\System32\QuickTime.qts -->16/02/2007 10:54:08 C:\WINDOWS\System32\WgaTray.exe -->15/02/2007 18:01:36 C:\WINDOWS\System32\LegitCheckControl.dll -->15/02/2007 18:01:04 C:\WINDOWS\System32\WgaLogon.dll -->15/02/2007 18:00:28 C:\WINDOWS\System32\tzchange.exe -->29/01/2007 09:58:06 C:\WINDOWS\System32\hhctrl.ocx -->23/01/2007 20:31:20 C:\WINDOWS\System32\sirenacm.dll -->19/01/2007 12:53:04 C:\WINDOWS\System32\aswBoot.exe -->15/01/2007 18:32:07 C:\WINDOWS\System32\AVASTSS.scr -->15/01/2007 18:23:20 C:\WINDOWS\WindowsUpdate.log -->05/04/2007 16:29:52 C:\WINDOWS\wiadebug.log -->05/04/2007 16:28:00 C:\WINDOWS\wiaservc.log -->05/04/2007 16:27:32 C:\WINDOWS.log -->05/04/2007 16:27:24 C:\WINDOWS\bootstat.dat -->05/04/2007 16:27:21 C:\WINDOWS\SchedLgU.Txt -->05/04/2007 16:26:04 C:\WINDOWS\Sti_Trace.log -->05/04/2007 16:24:07 C:\WINDOWS\ntbtlog.txt -->05/04/2007 16:20:34 C:\WINDOWS\setuperr.log -->05/04/2007 16:16:01 C:\WINDOWS\setupact.log -->05/04/2007 16:16:01 C:\WINDOWS\mozregistry.dat -->05/04/2007 11:18:35 C:\WINDOWS\mozver.dat -->05/04/2007 11:09:58 C:\WINDOWS\tsc.ini -->04/04/2007 16:41:21 C:\WINDOWS\tsc.ptn -->04/04/2007 16:34:36 C:\WINDOWS\vsapi32.dll -->04/04/2007 16:34:34 C:\WINDOWS\autoclk.exe |26/03/2007 22:05:55 C:\WINDOWS\bdoscandel.exe |25/05/2006 01:22:06 C:\WINDOWS\ciaunwdm.exe |17/02/2004 17:09:16 C:\WINDOWS\dsrmv.exe |17/05/2005 18:20:16 C:\WINDOWS\IsUn0407.exe |12/11/2004 18:28:33 C:\WINDOWS\IsUn040c.exe |14/08/2004 10:49:29 C:\WINDOWS\IsUninst.exe |08/08/2004 18:05:50 C:\WINDOWS\PATCH.EXE |04/04/2007 16:15:43 C:\WINDOWS\PCLock.exe |30/10/2005 15:09:17 C:\WINDOWS\runtsckl.exe |02/11/2005 18:07:12 C:\WINDOWS\slrundll.exe |20/08/2004 00:10:02 C:\WINDOWS\tsc.exe |04/04/2007 16:34:34 C:\WINDOWS\Twack_16.exe |17/09/2004 13:53:28 C:\WINDOWS\Twack_32.exe |17/09/2004 13:53:28 C:\WINDOWS\twunk_16.exe |24/04/2003 20:00:00 C:\WINDOWS\twunk_32.exe |24/04/2003 20:00:00 C:\WINDOWS\uneng.exe |08/08/2004 17:50:15 C:\WINDOWS\unin040c.exe |09/05/2006 19:49:13 C:\WINDOWS\uninst.exe |25/07/2005 20:23:06 C:\WINDOWS\UNINST32.EXE |12/03/2003 17:05:24 C:\WINDOWS\UNWISE.EXE |25/07/2005 20:29:08 C:\WINDOWS\ADE.DLL |05/12/2006 21:01:09 C:\WINDOWS\AuHCcup1.dll |23/07/1999 10:53:20 C:\WINDOWS\BPMNT.dll |04/04/2007 16:34:33 C:\WINDOWS\hcextoutput.dll |04/04/2007 16:34:34 C:\WINDOWS\icccodes.dll |29/12/2004 21:23:50 C:\WINDOWS\KPCP32.DLL |29/12/2004 21:25:00 C:\WINDOWS\KPFP32.DLL |29/12/2004 21:25:00 C:\WINDOWS\KPSCALE.DLL |29/12/2004 21:25:00 C:\WINDOWS\KPSHARP.DLL |29/12/2004 21:25:00 C:\WINDOWS\KPSYS32.DLL |29/12/2004 21:25:00 C:\WINDOWS\loadhttp.dll |15/10/2002 14:29:40 C:\WINDOWS\patchw32.dll |14/12/2001 13:34:46 C:\WINDOWS\PCDLIB32.DLL |17/09/2004 13:44:58 C:\WINDOWS\pfpick.dll |29/12/2004 21:25:00 C:\WINDOWS\PTPICK32.DLL |29/12/2004 21:23:50 C:\WINDOWS\SlantAdj.dll |05/12/2006 21:01:09 C:\WINDOWS\sprof32.dll |29/12/2004 21:23:50 C:\WINDOWS\SPWHPT.DLL |29/12/2004 21:25:00 C:\WINDOWS\TMUPDATE.DLL |04/04/2007 16:15:47 C:\WINDOWS\twain.dll |24/04/2003 20:00:00 C:\WINDOWS\twain_32.dll |24/04/2003 20:00:00 C:\WINDOWS\UNZIP.DLL |04/04/2007 16:15:45 C:\WINDOWS\vsapi32.dll |04/04/2007 16:34:33 C:\WINDOWS\vsnpstd3.dll |12/02/2007 17:35:57 C:\WINDOWS\system32\AcSignOpt.exe |05/03/2005 13:18:15 C:\WINDOWS\system32\ALIunFIR.exe |08/08/2004 17:41:26 C:\WINDOWS\system32\append.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\asuninst.exe |08/03/2007 17:02:56 C:\WINDOWS\system32\aswBoot.exe |07/03/2007 13:44:53 C:\WINDOWS\system32\Ati2mdxx.exe |16/08/2002 00:18:28 C:\WINDOWS\system32\BCMWLD2K.EXE |08/08/2004 17:44:50 C:\WINDOWS\system32\BCMWLTRY.EXE |08/08/2004 17:45:08 C:\WINDOWS\system32\BCMWLU00.EXE |08/08/2004 17:44:50 C:\WINDOWS\system32\carpserv.exe |02/03/2006 01:19:03 C:\WINDOWS\system32\debug.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\dosx.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 18:47:34 C:\WINDOWS\system32\edlin.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\exe2bin.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\fastopen.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\HPConfig.exe |08/08/2004 17:47:16 C:\WINDOWS\system32\java.exe |08/08/2004 17:39:18 C:\WINDOWS\system32\javaw.exe |08/08/2004 17:39:18 C:\WINDOWS\system32\mem.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\mscdexnt.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\nlsfunc.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\nw16.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\redir.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\remove.exe |08/08/2004 17:41:26 C:\WINDOWS\system32\setver.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\share.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\slrundll.exe |20/08/2004 00:10:02 C:\WINDOWS\system32\slserv.exe |20/08/2004 00:10:02 C:\WINDOWS\system32\unaddrv.exe |26/03/2007 22:05:52 C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 18:47:48 C:\WINDOWS\system32\usrprbda.exe |23/08/2001 18:47:48 C:\WINDOWS\system32\usrshuta.exe |23/08/2001 18:47:48 C:\WINDOWS\system32\UStorSrv.exe |07/12/2004 20:03:43 C:\WINDOWS\system32\vwipxspx.exe |24/04/2003 20:00:00 C:\WINDOWS\system32\WLTRYSVC.EXE |08/08/2004 17:45:08 C:\WINDOWS\system32\AcSignExt.dll |05/03/2005 13:18:09 C:\WINDOWS\system32\AcSignExtRes.dll |07/03/2005 19:00:01 C:\WINDOWS\system32\AcSignIcon.dll |05/03/2005 13:18:12 C:\WINDOWS\system32\ADADIX16.DLL |26/03/2007 22:05:52 C:\WINDOWS\system32\AdADIx2K.dll |26/03/2007 22:05:52 C:\WINDOWS\system32\AdADIx32.dll |26/03/2007 22:05:52 C:\WINDOWS\system32\amstream.dll |27/10/2006 19:49:32 C:\WINDOWS\system32\ati2cqag.dll |20/08/2004 00:09:19 C:\WINDOWS\system32\ati2dvaa.dll |20/08/2004 00:09:19 C:\WINDOWS\system32\ati2dvag.dll |16/08/2002 01:31:18 C:\WINDOWS\system32\ati2edxx.dll |15/05/2004 18:27:58 C:\WINDOWS\system32\ati3d1ag.dll |16/08/2002 00:44:26 C:\WINDOWS\system32\ati3d2ag.dll |16/08/2002 01:02:28 C:\WINDOWS\system32\ati3duag.dll |16/08/2002 01:12:58 C:\WINDOWS\system32\atiicdxx.dll |16/08/2002 00:18:28 C:\WINDOWS\system32\atiiiexx.dll |16/08/2002 00:18:28 C:\WINDOWS\system32\atioglxx.dll |16/08/2002 02:02:26 C:\WINDOWS\system32\atitvo32.dll |16/08/2002 00:25:08 C:\WINDOWS\system32\ativtmxx.dll |20/08/2004 00:09:19 C:\WINDOWS\system32\ativvaxx.dll |20/08/2004 00:09:19 C:\WINDOWS\system32\atmfd.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\atmlib.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\borlndmm.dll |26/10/2006 19:58:32 C:\WINDOWS\system32\btinstall.dll |01/04/2006 12:33:35 C:\WINDOWS\system32\carpdll.dll |02/03/2006 01:19:03 C:\WINDOWS\system32\CDDBControl.dll |04/04/2005 09:52:16 C:\WINDOWS\system32\CDDBControlRoxio.dll |27/08/2002 20:22:36 C:\WINDOWS\system32\CddbLangDE.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangES.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangFR.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangIT.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangJA.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangKO.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangNL.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangPT_BR.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangSV.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangTH.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangZH.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CddbLangZT.dll |10/03/2005 12:06:58 C:\WINDOWS\system32\CDDBUI.dll |04/04/2005 09:52:16 C:\WINDOWS\system32\CDDBUIRoxio.dll |27/08/2002 20:22:36 C:\WINDOWS\system32\cdral.dll |17/07/2003 00:19:56 C:\WINDOWS\system32\cdrtc.dll |17/07/2003 00:19:56 C:\WINDOWS\system32\clrviddc.dll |11/08/1998 14:18:52 C:\WINDOWS\system32\CmdLineExt03.dll |12/09/2004 16:36:50 C:\WINDOWS\system32\compatui.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\CSH.DLL |15/07/2002 15:58:00 C:\WINDOWS\system32\decdnet.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\dgrpsetu.dll |08/08/2004 18:09:38 C:\WINDOWS\system32\dgsetup.dll |08/08/2004 18:09:38 C:\WINDOWS\system32\eax.dll |26/10/2006 19:58:32 C:\WINDOWS\system32\EBPCHP.DLL |16/02/2007 19:16:48 C:\WINDOWS\system32\EBPMON24.DLL |16/02/2007 19:16:47 C:\WINDOWS\system32\ECBTEG.DLL |16/02/2007 19:16:48 C:\WINDOWS\system32\encdec.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\EqnClass.Dll |08/08/2004 18:09:37 C:\WINDOWS\system32\esccm.dll |05/12/2006 20:36:45 C:\WINDOWS\system32\escimg.dll |05/12/2006 20:36:45 C:\WINDOWS\system32\escwiab.dll |05/12/2006 20:36:45 C:\WINDOWS\system32\ESDTR.dll |05/12/2006 20:36:44 C:\WINDOWS\system32\E_DCINST.DLL |16/02/2007 19:16:51 C:\WINDOWS\system32\E_SAGSET.DLL |16/02/2007 19:16:47 C:\WINDOWS\system32\ff_vfw.dll |03/03/2005 21:24:16 C:\WINDOWS\system32\fmod.dll |26/10/2006 19:58:33 C:\WINDOWS\system32\GEARAspi.dll |03/10/2006 19:47:52 C:\WINDOWS\system32\HPptp02.dll |12/03/2002 16:46:10 C:\WINDOWS\system32\hpzcoi09.dll |28/07/2003 14:12:06 C:\WINDOWS\system32\hpzcon09.dll |28/07/2003 14:12:56 C:\WINDOWS\system32\hpzlnt09.dll |28/07/2003 14:18:48 C:\WINDOWS\system32\HSFCI006.dll |14/04/2003 18:53:54 C:\WINDOWS\system32\hsfcisp2.dll |20/08/2004 00:09:27 C:\WINDOWS\system32\hsfinst.dll |08/08/2004 17:42:16 C:\WINDOWS\system32\hticons.dll |08/08/2004 17:17:10 C:\WINDOWS\system32\hypertrm.dll |17/11/2004 18:57:39 C:\WINDOWS\system32\iccvid.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\INETWH32.dll |04/08/2000 14:25:30 C:\WINDOWS\system32\InstHpci.dll |08/08/2004 17:47:09 C:\WINDOWS\system32\isrdbg32.dll |08/08/2004 17:19:12 C:\WINDOWS\system32\jgaw400.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\JGDW400.DLL |24/04/2003 20:00:00 C:\WINDOWS\system32\jgmd400.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\JGPL400.DLL |24/04/2003 20:00:00 C:\WINDOWS\system32\jgsd400.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\jgsh400.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\lfbmp13n.dll |08/03/2006 20:37:49 C:\WINDOWS\system32\lfcmp13n.dll |08/03/2006 20:37:49 C:\WINDOWS\system32\lfgif13n.dll |08/03/2006 20:38:00 C:\WINDOWS\system32\ltdis13n.dll |08/03/2006 20:37:49 C:\WINDOWS\system32\ltefx13n.dll |08/03/2006 20:37:49 C:\WINDOWS\system32\ltfil13n.dll |08/03/2006 20:37:49 C:\WINDOWS\system32\ltimg13n.dll |08/03/2006 20:37:49 C:\WINDOWS\system32\ltkrn13n.dll |08/03/2006 20:37:49 C:\WINDOWS\system32\McGDMgr.dll |27/02/2006 20:18:28 C:\WINDOWS\system32\mcinsctl.dll |27/02/2006 20:17:38 C:\WINDOWS\system32\mdmxsdk.dll |02/03/2006 01:19:02 C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 18:47:06 C:\WINDOWS\system32\MMSwitch.dll |15/11/2002 13:11:26 C:\WINDOWS\system32\msdmo.dll |17/08/2006 20:41:17 C:\WINDOWS\system32\msencode.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\MSVCRT10.DLL |29/12/2004 21:23:51 C:\WINDOWS\system32\mtxparhd.dll |20/08/2004 00:09:35 C:\WINDOWS\system32\nv4_disp.dll |20/08/2004 00:09:36 C:\WINDOWS\system32\OPDSL.DLL |07/12/2004 20:03:44 C:\WINDOWS\system32\paqsp.dll |23/08/2001 18:47:16 C:\WINDOWS\system32\PCDLIB32.DLL |09/12/1998 02:53:58 C:\WINDOWS\system32\pdfcmnnt.dll |26/01/2007 15:52:30 C:\WINDOWS\system32\pixomatic.dll |26/10/2006 19:58:34 C:\WINDOWS\system32\pncrt.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\pndx5016.dll |26/02/2006 22:12:16 C:\WINDOWS\system32\pndx5032.dll |26/02/2006 22:12:16 C:\WINDOWS\system32\psisdecd.dll |27/10/2006 19:50:16 C:\WINDOWS\system32\python21.dll |05/12/2006 21:03:25 C:\WINDOWS\system32\pythoncom21.dll |05/12/2006 21:03:25 C:\WINDOWS\system32\PyWinTypes21.dll |05/12/2006 21:03:25 C:\WINDOWS\system32\qedwipes.dll |27/10/2006 19:49:37 C:\WINDOWS\system32\RA3214_4.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\ra3228_8.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\ra32clv1.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\ra32dnet.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\ra32rv10.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\ra32sipr.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\rarv1032.dll |11/08/1998 14:18:44 C:\WINDOWS\system32\rmoc3260.dll |26/02/2006 22:12:33 C:\WINDOWS\system32\Roboex32.dll |07/11/2000 16:36:14 C:\WINDOWS\system32\s3gnb.dll |20/08/2004 00:09:39 C:\WINDOWS\system32\sbe.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\scriptpw.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\sh33w32.dll |17/09/2004 13:30:53 C:\WINDOWS\system32\slbcsp.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\slbiop.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\slbrccsp.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\slcoinst.dll |20/08/2004 00:09:41 C:\WINDOWS\system32\slextspk.dll |20/08/2004 00:09:41 C:\WINDOWS\system32\slgen.dll |20/08/2004 00:09:41 C:\WINDOWS\system32\spnike.dll |23/08/2001 18:47:18 C:\WINDOWS\system32\sprio600.dll |23/08/2001 18:47:18 C:\WINDOWS\system32\sprio800.dll |23/08/2001 18:47:18 C:\WINDOWS\system32\spxcoins.dll |08/08/2004 18:09:37 C:\WINDOWS\system32\SynCOM.dll |08/08/2004 17:44:00 C:\WINDOWS\system32\SynCtrl.dll |08/08/2004 17:44:00 C:\WINDOWS\system32\SynTPAPI.dll |08/08/2004 17:44:01 C:\WINDOWS\system32\SynTPCo2.dll |04/11/2004 18:42:16 C:\WINDOWS\system32\SynTPCoI.dll |08/08/2004 17:44:01 C:\WINDOWS\system32\SynTPFcs.dll |08/08/2004 17:44:03 C:\WINDOWS\system32\tsd32.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\usrcntra.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrcoina.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrdpa.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrdtea.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrlbva.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrv42a.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrv80a.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrvoica.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\usrvpa.dll |23/08/2001 18:47:20 C:\WINDOWS\system32\VSFilter.dll |12/08/2004 23:11:14 C:\WINDOWS\system32\wbsys.dll |07/04/2006 21:47:02 C:\WINDOWS\system32\win87em.dll |24/04/2003 20:00:00 C:\WINDOWS\system32\xmlparse.dll |12/09/2004 14:11:30 C:\WINDOWS\system32\xmltok.dll |12/09/2004 14:11:30 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C8CA-DA6E Répertoire de C:\WINDOWS\system32 20/08/2004 00:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 11 721 031 680 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C8CA-DA6E Répertoire de C:\WINDOWS\Downloaded Program Files 04/04/2007 16:15 <REP> . 04/04/2007 16:15 <REP> .. 07/12/2004 16:07 32 bdcore.dll 01/03/2005 14:08 118 784 bdupd.dll 25/06/2003 19:00 541 ca.pub 17/01/2006 17:11 580 663 daas_s.dll 08/08/2004 17:20 65 desktop.ini 28/10/2003 08:51 7 424 DjVuLite.inf 25/07/2002 17:13 24 576 dwusplay.dll 25/07/2002 17:13 196 608 dwusplay.exe 10/04/2000 17:12 1 765 fhg.inf 03/02/2006 11:20 188 416 fsauc.dll 16/06/2006 15:31 181 856 fscax.dll 15/06/2006 10:19 483 fscax.inf 17/01/2007 12:21 1 564 hardwaredetection.inf 25/02/2004 00:36 283 256 IDrop.ocx 25/02/2004 00:39 113 784 IDropENU.dll 07/03/2005 19:01 114 256 IDropFRA.dll 01/03/2005 14:08 53 248 ipsupd.dll 19/09/2003 14:22 299 008 isusweb.dll 08/08/2006 11:45 576 kavwebscan.inf 09/03/2005 15:42 6 742 lang.ini 11/12/2006 16:44 367 LegitCheckControl.inf 07/12/2004 16:07 32 libfn.dll 18/02/2005 16:22 126 live.ini 18/06/2003 18:01 691 McGDMgr.inf 19/05/2004 12:01 678 mcinsctl.inf 20/06/2006 15:44 379 704 MsnPUpld.dll 19/06/2006 14:40 393 MsnPUpld.inf 01/06/2006 02:57 1 331 oscan8.inf 01/06/2006 02:54 471 040 oscan8.ocx 31/05/2006 04:15 10 oscan81.ocx_x 20/06/2006 15:44 117 560 PURen-us.dll 31/05/2002 09:20 117 328 purfr-fr.dll 15/10/2004 07:59 110 592 PURfr-xx.dll 09/03/2005 15:43 6 828 scanoptions.tsi 08/12/2003 13:58 3 759 swflash.inf 15/01/2007 22:50 463 768 wlscBase.dll 15/01/2007 22:50 320 wlscBase.inf 02/11/2005 18:01 1 777 xscan.inf 02/11/2005 18:07 435 712 xscan53.ocx 39 fichier(s) 4 285 663 octets Total des fichiers listés : 39 fichier(s) 4 285 663 octets 2 Rép(s) 11 721 027 584 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?4?2?9??????? ???B???????????????B? ?????? scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Liste des programmes installes Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Photoshop CS Adobe Reader 8 - Français ALi FIR Driver Analyseur et SDK MSXML 4.0 SP2 Apple Software Update Archiveur WinRAR ATI Control Panel ATI Display Driver AutoCAD 2006 - Français Autodesk DWF Viewer avast! Antivirus Bink and Smacker boutons One-Touch Broadcom 802.11 CCleaner (remove only) CleanBoot Conexant 56K ACLink Modem Conexant AC-Link Audio Disc2Phone Disque de souvenirs HP DP8381x 10/100 PCI Network Adapter Driver Easy CD & DVD Creator 6 Electronic Arts Game Updater EPSON Copy Utility EPSON Photo Print EPSON Printer Software EPSON Scan EPSON Smart Panel ffdshow Google Earth HijackThis 1.99.1 hp deskjet 5600 HP Photo and Imaging 2.0 - Deskjet Series hp print screen utility Huawei SmartAX MT810 InterVideo WinDVD iTunes iTunes Java 2 Runtime Environment, SE v1.4.2 Kaspersky Online Scanner L&H TTS3000 Français Language pack for Ad-Aware SE Lecteur Windows Media 11 Macromedia Flash Player 8 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Software Update for Web Folders (French) 12 Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows XP (KB904706) Mozilla Firefox (2.0.0.3) MRU-Blaster v1.5 (Database 3/28/2004) MSN MSXML 4.0 SP2 (KB927978) Notebook Utilities P2400P Guide de référence PDFCreator QuickTime RealPlayer Shockwave Skype 3.0 Skype Plugin Manager Sony Ericsson PC Suite 1.20.173 Spybot - Search & Destroy 1.4 Spyware Terminator Sunbelt Kerio Personal Firewall Synaptics Pointing Device Driver Ulead Photo Explorer 8.0 SE Basic WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format 11 runtime XviD MPEG-4 Video Codec Yahoo! Anti-Spy Yahoo! Toolbar Yahoo! Toolbar avec bloqueur de fenêtres pop-up Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C8CA-DA6E Répertoire de C:\Program Files 05/04/2007 16:45 <REP> . 05/04/2007 16:45 <REP> .. 19/02/2007 18:28 <REP> Adobe 24/09/2006 10:40 <REP> Alwil Software 26/05/2006 17:23 <REP> AnswerWorks 4.0 11/03/2007 23:49 <REP> Apple Software Update 05/04/2007 16:23 <REP> a-squared Anti-Malware 08/08/2004 17:45 <REP> ATI Technologies 26/05/2006 17:24 <REP> AutoCAD 2006 26/05/2006 17:08 <REP> Autodesk 25/01/2007 09:23 <REP> CCleaner 07/03/2007 16:39 <REP> CodeStuff 05/02/2007 10:27 <REP> Common files 08/08/2004 17:41 <REP> Company 08/08/2004 17:17 <REP> ComPlus Applications 08/08/2004 17:42 <REP> CONEXANT 21/10/2006 16:06 <REP> CyberLink 28/02/2007 14:02 <REP> Disc2Phone 16/02/2007 19:17 <REP> EPSON 06/04/2006 14:23 <REP> ffdshow 25/02/2007 17:59 <REP> Fichiers communs 03/04/2007 17:21 <REP> Google 19/02/2007 15:12 <REP> Hewlett-Packard 05/04/2007 18:04 <REP> hijackthis 19/02/2007 15:09 <REP> HP 08/08/2004 17:48 <REP> HPQ 26/03/2007 22:05 <REP> Huawei Technologies 01/03/2006 20:38 9 393 352 Install_MSN_Messenger.EXE 09/05/2006 19:49 <REP> InstallShield 20/03/2007 20:00 <REP> Internet Explorer 08/08/2004 17:46 <REP> InterVideo 02/04/2007 22:08 <REP> iPod 02/04/2007 22:08 <REP> iTunes 08/08/2004 17:39 <REP> Java 08/03/2007 20:47 <REP> Lavasoft 01/02/2007 13:26 <REP> LizardTech 01/03/2007 16:04 <REP> Messenger 08/08/2004 17:22 <REP> microsoft frontpage 26/02/2007 12:00 <REP> Microsoft Office 26/02/2007 11:59 <REP> Microsoft Visual Studio 26/02/2007 12:01 <REP> Microsoft Works 26/02/2007 11:57 <REP> Microsoft.NET 24/02/2007 21:35 <REP> Movie Maker 05/04/2007 16:06 <REP> Mozilla Firefox 09/03/2007 09:34 <REP> MRU-Blaster 26/02/2007 12:00 <REP> MSBuild 11/03/2006 19:43 <REP> MSN 08/08/2004 17:17 <REP> MSN Gaming Zone 25/02/2007 09:50 <REP> MSN Messenger 28/11/2006 18:14 <REP> MSXML 4.0 24/02/2007 21:30 <REP> NetMeeting 30/03/2006 09:51 <REP> Network Associates 21/11/2006 18:29 <REP> Nokia 08/08/2004 17:43 <REP> NSC 25/02/2007 15:41 <REP> Outlook Express 26/01/2007 15:53 <REP> PDFCreator 11/03/2007 23:52 <REP> QuickTime 18/06/2006 18:05 <REP> RADVideo 11/03/2006 20:00 <REP> Real 10/09/2004 14:03 <REP> Roxio 08/08/2004 17:20 <REP> Services en ligne 20/01/2007 13:34 <REP> Skype 09/12/2006 21:10 <REP> Smart Panel 21/10/2006 14:14 <REP> Sony Ericsson 10/03/2007 19:56 <REP> Spybot - Search & Destroy 05/04/2007 16:47 <REP> Spyware Terminator 01/03/2007 20:48 <REP> Sunbelt Software 08/08/2004 17:43 <REP> Synaptics 05/09/2006 20:46 <REP> Ulead Systems 19/02/2007 16:57 <REP> VideoLAN 05/09/2006 20:48 <REP> WIDCOMM 14/02/2007 18:51 <REP> Windows Live Safety Center 26/02/2007 17:49 <REP> Windows Media Connect 2 26/02/2007 17:54 <REP> Windows Media Player 24/02/2007 21:30 <REP> Windows NT 14/01/2007 23:35 <REP> WinRAR 12/06/2005 12:50 <REP> WON 08/08/2004 17:22 <REP> xerox 06/04/2006 14:24 <REP> XviD 05/02/2007 10:27 <REP> Yahoo! 1 fichier(s) 9 393 352 octets 79 Rép(s) 11 720 601 600 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C8CA-DA6E Répertoire de C:\Program Files\fichiers communs 25/02/2007 17:59 <REP> . 25/02/2007 17:59 <REP> .. 10/09/2004 13:57 <REP> Adaptec Shared 19/02/2007 18:28 <REP> Adobe 07/12/2006 19:15 <REP> Adobe Systems Shared 26/05/2006 17:23 <REP> Autodesk Shared 09/05/2006 20:01 <REP> Borland Shared 26/02/2007 11:59 <REP> Designer 17/09/2004 21:18 <REP> FotoWire 22/12/2004 22:10 <REP> InstallShield 08/08/2004 17:39 <REP> Java 17/05/2005 18:02 <REP> MGI Shared 26/02/2007 12:13 <REP> Microsoft Shared 08/08/2004 17:19 <REP> MSSoap 30/03/2006 09:51 <REP> Network Associates 19/11/2004 15:34 <REP> Nikon 08/08/2004 18:09 <REP> ODBC 05/12/2006 21:03 <REP> Python 26/02/2006 22:12 <REP> Real 10/09/2004 14:05 <REP> Roxio Shared 08/08/2004 17:19 <REP> Services 20/01/2007 13:34 <REP> Skype 08/08/2004 18:09 <REP> SpeechEngines 07/04/2006 21:47 <REP> Stardock 28/05/2006 14:05 <REP> Symantec Shared 26/02/2007 12:11 <REP> System 21/10/2006 14:15 <REP> Teleca Shared 21/10/2006 16:07 <REP> Ulead Systems 0 fichier(s) 0 octets 28 Rép(s) 11 720 601 600 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C8CA-DA6E Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 26/02/2007 12:11 <REP> . 26/02/2007 12:11 <REP> .. 11/08/2004 15:43 <REP> 1033 26/02/2007 12:13 <REP> 1036 26/10/2006 19:49 970 528 MSONSEXT.DLL 26/10/2006 20:12 40 256 MSOSV.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 22/01/2001 02:25 86 016 PKMWS.DLL 5 fichier(s) 1 346 770 octets 4 Rép(s) 11 720 601 600 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C8CA-DA6E Répertoire de C:\Program Files\common files 05/02/2007 10:27 <REP> . 05/02/2007 10:27 <REP> .. 05/02/2007 10:27 <REP> Scanner 0 fichier(s) 0 octets 3 Rép(s) 11 720 601 600 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est C8CA-DA6E Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 11 720 597 504 octets libres c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe c:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe c:\Documents and Settings\MERAHI Youcef\.housecall6.6\getMac.exe c:\Documents and Settings\MERAHI Youcef\.housecall6.6\patch.exe c:\Documents and Settings\MERAHI Youcef\.housecall6.6\tsc.exe c:\Documents and Settings\MERAHI Youcef\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\diff.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\grep.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\streams.exe c:\Documents and Settings\MERAHI Youcef\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\a2AntiMalwareSetup.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\antivir-personal-edition-7_antivir_personal_edition_classic_7_7.00.03.02_anglais_10821.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\avgas-setup-7.5.0.50.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\iTunesSetup.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\keygen.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\kis6.0.2.614fr.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\mozilla-firefox_mozilla_firefox_2.0.0.2_francais_11003.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\pci_filerecovery.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\setupfre.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\spybotsd14.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\spyware-terminator_spyware_terminator_1.8.1.965_francais_28354.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\sunbelt-personal-firewall.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\wmp11-windowsxp-x86-FR-FR.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\Craagle\Craagle\Craagle.exe c:\Documents and Settings\MERAHI Youcef\Bureau\logi\RegSeeker\RegSeeker.exe c:\Documents and Settings\MERAHI Youcef\Bureau\patrimoine\euromed\AUTORUN.EXE c:\Documents and Settings\MERAHI Youcef\Bureau\usb\Nouveau dossier\fr\TCF\TCF_SO_Demo_Partie1.exe c:\Documents and Settings\MERAHI Youcef\Bureau\usb\Nouveau dossier\fr\TCF\TCF_SO_Demo_Partie2.exe c:\Documents and Settings\MERAHI Youcef\Mes documents\HijackThis.exe c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Install_Messenger.exe c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\wrar362fr.exe c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\Geopod\Geopod\keygen.exe c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\MGS-Silverball_v1.60\Silverball_v1.60\keygen.exe c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\MGSkarting_cracked\karting\keygen.exe c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\MVRPool\MVRPool\keygen.exe c:\Documents and Settings\MERAHI Youcef\Mes documents\ferhat\Mes_Jeux_Phone\Phone ^^\Tennis Maniac\keygen.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\MERAHI Youcef\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\MERAHI Youcef\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\MERAHI Youcef\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll Liste des drivers... < Service Pack 2 4 5 2007 19:11:30.500 < Pilote charg' \WINDOWS\system32\ntoskrnl.exe < Pilote charg' \WINDOWS\system32\hal.dll < Pilote charg' \WINDOWS\system32\KDCOM.DLL < Pilote charg' \WINDOWS\system32\BOOTVID.dll < Pilote charg' sptd.sys < Pilote charg' \WINDOWS\System32\Drivers\WMILIB.SYS < Pilote charg' \WINDOWS\System32\Drivers\SPTD8013.SYS < Pilote charg' ACPI.sys < Pilote charg' pci.sys < Pilote charg' isapnp.sys < Pilote charg' ohci1394.sys < Pilote charg' \WINDOWS\System32\DRIVERS\1394BUS.SYS < Pilote charg' compbatt.sys < Pilote charg' \WINDOWS\System32\DRIVERS\BATTC.SYS < Pilote charg' aliide.sys < Pilote charg' \WINDOWS\System32\DRIVERS\PCIIDEX.SYS < Pilote charg' pcmcia.sys < Pilote charg' MountMgr.sys < Pilote charg' ftdisk.sys < Pilote charg' dmload.sys < Pilote charg' dmio.sys < Pilote charg' ACPIEC.sys < Pilote charg' \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS < Pilote charg' PartMgr.sys < Pilote charg' VolSnap.sys < Pilote charg' atapi.sys < Pilote charg' disk.sys < Pilote charg' \WINDOWS\System32\DRIVERS\CLASSPNP.SYS < Pilote charg' fltmgr.sys < Pilote charg' sr.sys < Pilote charg' KSecDD.sys < Pilote charg' Ntfs.sys < Pilote charg' NDIS.sys < Pilote charg' sfhlp01.sys < Pilote charg' prosync1.sys < Pilote charg' \WINDOWS\System32\drivers\SCSIPORT.SYS < Pilote charg' prohlp02.sys < Pilote charg' Mup.sys < Pilote charg' BTHidMgr.sys < Pilote charg' \SystemRoot\System32\DRIVERS\intelppm.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ati2mtag.sys < Pilote charg' \SystemRoot\system32\drivers\calihal.sys < Pilote charg' \SystemRoot\system32\drivers\caliaud.sys < Pilote charg' \SystemRoot\System32\DRIVERS\i8042prt.sys < Pilote charg' \SystemRoot\System32\Drivers\DKbFltr.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\kbdclass.sys < Pilote charg' \SystemRoot\System32\DRIVERS\SynTP.sys < Pilote charg' \SystemRoot\System32\DRIVERS\mouclass.sys < Pilote charg' \SystemRoot\System32\DRIVERS\fdc.sys < Pilote charg' \SystemRoot\System32\DRIVERS\parport.sys < Pilote charg' \SystemRoot\System32\DRIVERS\aliirda.sys < Pilote charg' \SystemRoot\System32\DRIVERS\irenum.sys < Pilote charg' \SystemRoot\System32\DRIVERS\hpci.sys < Pilote charg' \SystemRoot\System32\DRIVERS\HSFHWALI.sys < Pilote charg' \SystemRoot\System32\DRIVERS\HSF_DP.sys < Pilote charg' \SystemRoot\System32\DRIVERS\HSF_CNXT.sys < Pilote charg' \SystemRoot\System32\Drivers\Modem.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\usbuhci.sys < Pilote charg' \SystemRoot\System32\DRIVERS\usbehci.sys < Pilote charg' \SystemRoot\System32\DRIVERS\nic1394.sys < Pilote charg' \SystemRoot\System32\Drivers\AFS2K.SYS < Pilote charg' \SystemRoot\system32\drivers\pfc.sys < Pilote charg' \SystemRoot\System32\Drivers\Cdr4_xp.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\cdrom.sys < Pilote charg' \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys < Pilote charg' \SystemRoot\System32\Drivers\Cdralw2k.SYS < Pilote charg' \SystemRoot\System32\Drivers\pwd_2k.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\DP83815.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\CmBatt.sys < Pilote charg' \SystemRoot\System32\DRIVERS\audstub.sys < Pilote charg' \SystemRoot\System32\DRIVERS\rasirda.sys < Pilote charg' \SystemRoot\System32\DRIVERS\rasl2tp.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ndistapi.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ndiswan.sys < Pilote charg' \SystemRoot\System32\DRIVERS\raspppoe.sys < Pilote charg' \SystemRoot\System32\DRIVERS\raspptp.sys < Pilote charg' \SystemRoot\System32\DRIVERS\msgpc.sys < Pilote charg' \SystemRoot\System32\DRIVERS\psched.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ptilink.sys < Pilote charg' \SystemRoot\System32\DRIVERS\raspti.sys < Pilote charg' \SystemRoot\System32\DRIVERS\rdpdr.sys < Pilote charg' \SystemRoot\System32\DRIVERS\termdd.sys < Pilote charg' \SystemRoot\System32\DRIVERS\swenum.sys < Pilote charg' \SystemRoot\System32\DRIVERS\update.sys < Pilote charg' \SystemRoot\System32\DRIVERS\mssmbios.sys < Pilote charg' \SystemRoot\System32\Drivers\mmc_2K.SYS < Pilote charg' \SystemRoot\System32\Drivers\NDProxy.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\NDProxy.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\NDProxy.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\flpydisk.sys < Pilote charg' \SystemRoot\System32\DRIVERS\usbhub.sys < Pilote charg' \SystemRoot\system32\drivers\MODEMCSA.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\lbrtfdc.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Sfloppy.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\i2omgmt.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Changer.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Cdaudio.SYS < Pilote charg' \SystemRoot\System32\Drivers\Fs_Rec.SYS < Pilote charg' \SystemRoot\System32\Drivers\Null.SYS < Pilote charg' \SystemRoot\System32\Drivers\Beep.SYS < Pilote charg' \SystemRoot\System32\drivers\vga.sys < Pilote charg' \SystemRoot\System32\Drivers\mnmdd.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\RDPCDD.sys < Pilote charg' \SystemRoot\System32\Drivers\cdudf_xp.SYS < Pilote charg' \SystemRoot\system32\drivers\fwdrv.sys < Pilote charg' \SystemRoot\System32\Drivers\Msfs.SYS < Pilote charg' \SystemRoot\System32\Drivers\Npfs.SYS < Pilote charg' \SystemRoot\System32\Drivers\UdfReadr_xp.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\rasacd.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ipsec.sys < Pilote charg' \SystemRoot\System32\DRIVERS\tcpip.sys < Pilote charg' \SystemRoot\System32\Drivers\aswTdi.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\netbt.sys < Pilote charg' \SystemRoot\System32\drivers\afd.sys < Pilote charg' \SystemRoot\System32\DRIVERS\netbios.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\processr.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\PCIDump.SYS < Pilote charg' \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ipnat.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\redbook.sys < Pilote charg' \SystemRoot\System32\DRIVERS\rdbss.sys < Pilote charg' \SystemRoot\System32\drivers\prodrv06.sys < Pilote charg' \SystemRoot\System32\DRIVERS\mrxsmb.sys < Pilote charg' \SystemRoot\System32\Drivers\adildr.sys < Pilote charg' \SystemRoot\System32\DRIVERS\wanarp.sys < Pilote charg' \SystemRoot\System32\DRIVERS\arp1394.sys < Pilote charg' \SystemRoot\system32\drivers\khips.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\imapi.sys < Pilote charg' \SystemRoot\System32\Drivers\Fips.SYS < Pilote charg' \SystemRoot\System32\Drivers\Aavmker4.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\adiusbae.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\adildr.sys < Pilote charg' \SystemRoot\System32\DRIVERS\irda.sys < Pilote charg' \SystemRoot\System32\DRIVERS\ndisuio.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\rdbss.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\DRIVERS\mrxsmb.sys < Pilote charg' \SystemRoot\System32\DRIVERS\mrxdav.sys < Pilote charg' \SystemRoot\System32\Drivers\ParVdm.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Serial.SYS < Pilote charg' \SystemRoot\System32\Drivers\aswMon2.SYS < Pilote charg' \SystemRoot\system32\drivers\wdmaud.sys < Pilote charg' \SystemRoot\system32\drivers\sysaudio.sys < Pilote charg' \SystemRoot\system32\drivers\splitter.sys < Pilote charg' \SystemRoot\system32\drivers\aec.sys < Pilote charg' \SystemRoot\system32\drivers\swmidi.sys < Pilote charg' \SystemRoot\system32\drivers\DMusic.sys < Pilote charg' \SystemRoot\system32\drivers\kmixer.sys < Pilote charg' \SystemRoot\system32\drivers\drmkaud.sys

voilà le log catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?4?2?9??????? ???B???????????????B? ?????? scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0

voilà le log hijack, je vais le reste Logfile of HijackThis v1.99.1 Scan saved at 18:04:43, on 05/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\HPConfig.exe C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HPQ\One-Touch\OneTouch.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\hijackthis\Scanner.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spartacus75020.spaces.live.com//Pho...ad/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C452B137-B8CE-4E08-BB22-E79488F30C5D}: NameServer = 193.251.169.165 80.88.0.131 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Bonjour tout le monde Mon ordi reboote tout le temps en indiquant une erreur services.exe code d'état 1073741819. J'ai fais un scan avec a-squared et je trouve : riskware.risktool.win32.processor.20 riskware.risktool.win32.reboot.f trace.registry.kazaa et avec antivir en mode sans echec : TR/Rootkit.gen et VBS/IETitle.A sur mon MP3 Je ne peux pas faire de restauration système ni faire des scan online antivirus. Microsoft update n'est pas possible aussi Merci de votre aide