
nulleninfo31

Members
  • Content count

    16
  • Joined

  • Last visited

About nulleninfo31

  • Date of birth 03/05/1966

Profile Information

  • Gender
    Female
  • Location
    31150

Other information

  • My languages
    French

nulleninfo31's Achievements

Junior Member (3/12)

0

Community reputation

  1. Hello Desh, I uninstalled Spyware and removed the Woobrowser browser. However, I don't know what the Orange connection kit corresponds to (= the names of the files to physically delete)? I don't use Outlook at all, and I have never managed to delete the folder present in Program Files, impossible! The computer seems to be working better, a big THANK YOU to you for this precious help!!! See you
  2. Good evening, In "Virus", there is VundoFix.exe. In "Mydoom Sasser": patch_mydoom. The "A jeter" folder is empty
  3. Good evening, Here is what I collected with Gmer: GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-06-26 20:31:20 Windows 5.1.2600 Service Pack 2
C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[680] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\services.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 09, 84 ] .text C:\WINDOWS\system32\services.exe[680] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\services.exe[680] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 33, 84 ] .text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A 
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 37, 84 ] .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 07, 84 ] .text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[920] 
USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] 
ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 26, 84 ] .text C:\WINDOWS\System32\FTRTSVC.exe[1004] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\FTRTSVC.exe[1004] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text 
C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 8B, 84 ] .text C:\WINDOWS\System32\svchost.exe[1016] 
USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] 
ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, 
E4, 0E, 84 ] .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe[1072] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\Program Files\Spyware 
Doctor\pctsAuxs.exe[1108] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, EF, 83 ] .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1108] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ 
FF ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 
Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 24, 84 ] .text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Spyware Doctor\pctsSvc.exe[1208] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 43, A1, C3, 83 ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1312] 
Files\QuickTime\qttask.exe[1948] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\Program Files\QuickTime\qttask.exe[1948] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\Program 
Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 44, 84 ] .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[1960] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 71, 87 ] .text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] 
kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 57, 9E, C3, 83 ] .text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\pctsTray.exe[1988] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F 
] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] 
kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, AC, 84 ] .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[2016] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 
20, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2028] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2028] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 90, 84 ] .text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] 
ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteFile 
7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2C, 84 ] .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe[2040] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] 
.text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 32, 84 ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] USER32.dll!SetWindowsHookExW 
7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\PROGRA~1\Wanadoo\Watch.exe[2044] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet 
Explorer\iexplore.exe[2328] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BE, 83 ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Internet Explorer\iexplore.exe[2328] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\Program Files\Internet Explorer\iexplore.exe[2328] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ 
FF ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 0B, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 11, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtRenameKey 7C91E339 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtRenameKey + 4 7C91E33D 2 Bytes [ 14, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 20, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 0E, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtTerminateProcess 7C91E88E 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtTerminateProcess + 4 7C91E892 2 Bytes [ 26, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 1A, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteFileGather 7C91EA08 3 Bytes [ FF, 25, 1E ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteFileGather + 4 7C91EA0C 2 Bytes [ 1D, 5F ] .text C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteVirtualMemory 7C91EA32 3 Bytes [ FF, 25, 1E ] .text 
C:\Gmer\gmer.exe[3548] ntdll.dll!NtWriteVirtualMemory + 4 7C91EA36 2 Bytes [ 29, 5F ] .text C:\Gmer\gmer.exe[3548] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BA, 83 ] .text C:\Gmer\gmer.exe[3548] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Gmer\gmer.exe[3548] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F320F5A .text C:\Gmer\gmer.exe[3548] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 17, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateSection 7C91D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtCreateSection + 4 7C91D797 2 Bytes [ 23, 5F ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe[3628] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Fichiers communs\Microsoft Shared\Windows 
  4. Good evening, Here are the requested readings:
     Primary IDE channel
     Device 0: Current transfer mode: "Ultra DMA Mode 5"
     Device 1: Current transfer mode: "Not applicable"
     Secondary IDE channel
     Device 0: Current transfer mode: "Ultra DMA Mode 2"
     Device 1: Current transfer mode: "Not applicable"
  5. Good evening Desh, Thanks for still being here! The slowness persists, when Windows starts and in fact with EVERY application. The Orange manager takes about 7 minutes to open, for example!!! I removed the 2 lines from the HijackThis report. What if I got rid of SpywareDoctor? And what if I chucked my laptop in the bin?! As for restarting, it still crashes. See you
     DiagHelp version v1.4 - http://www.malekal.com excute le 23/06/2008 à 22:00:26,76
  6. Good evening, My computer is indeed a laptop (a Packard Bell bought in 2003, could it be obsolete?) and the touchpad works fine (but I mostly use the mouse). Applications still take a long time to open, it's a pain!!! It's enough to make you throw it out the window... The latest HijackThis report:
     Thank you
  7. Good evening, The Navilog report after cleaning:
     Worth noting: the computer restarted normally while Navilog was working... You mentioned reducing the number of applications that open along with Windows in order to increase its speed?
  8. Hello, A real textbook case for Dr House! I did indeed install "Webmediaplayer" last Sunday (and uninstalled it the same day). I have only used Malwarebytes once, following your instructions. Since then there has of course been a scan and a cleanup with Antivir (I think it was after your message of 3 June). I am the only one hunting the virus on this computer. Maybe it is simply due to going on "Google"!? Because I do not download anything! Here is the Navilog report:
  9. It's me again, I did not find My Web Search, My Way Speedbar, ... in Add/Remove Programs.
     Thanks again for all the time spent helping me!!!
  10. Hello, Here is the report issued on "virustotal": Fichier STDSB.exe reçu le 2008.06.09 13:15:53 (CET) Situation actuelle: terminé Résultat: 0/32 (0%)
  11. Hello! Here is the report after the scan:
     I removed the 2 Trojan horses (TR/FlashKiller.C) and quarantined the "DIAL/Generic" program. To be continued...
  12. Good evening Desh, Many thanks for your valuable tips. I followed your instructions to the letter. My computer still crashes systematically on restart (safe mode fails...). Does running the SpywareDoctor software alongside cause slowdowns? In any case, I notice that my laptop's capacity is low (only 662 MHz of power and 224 MB of RAM) compared with what is required, in particular to run Antivir properly. I have of course uninstalled Avast. Here is the latest report (dated today):

      Malwarebytes' Anti-Malware 1.14
      Version de la base de données: 818
      19:55:01 04/06/2008
      mbam-log-6-4-2008 (19-55-01).txt
      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 78620
      Temps écoulé: 1 hour(s), 5 minute(s), 59 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0
      Processus mémoire infecté(s): (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
      Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
      Dossier(s) infecté(s): (Aucun élément nuisible détecté)
      Fichier(s) infecté(s): (Aucun élément nuisible détecté)
      ___________________
      Apparently everything has been cleaned!
  13. Hello everyone! On the wise advice of "Kewlcat", here I am on this forum: my laptop is terribly slow whether or not I am connected to the internet (6 mega ADSL)!!! I need HELP! Here is the description of my laptop: Packard Bell - mobile AMD Athlon XP-M 2400+ 662 MHz, 224 MB of RAM, OS Windows XP v. 2002. And the HijackThis report:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:45:31, on 02/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\STDSB.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\PROGRA~1\MESSAG~1\StartMessager.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Packard Bell EverSafe\TrayControl.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Accelerator\NetTransport 2\NetTransport.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\EMMANU~1\LOCALS~1\Temp\Rar$EX04.930\HijackThis.exe
      C:\WINDOWS\System32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Accelerator\NetTransport 2\NTIEHelper.dll
      O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
      O4 - HKLM\..\Run: [sTDSB] C:\WINDOWS\System32\STDSB.exe
      O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm024
      O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Accelerator\NetTransport 2\NTAddLink.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Accelerator\NetTransport 2\NTAddList.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

      -- End of file - 8167 bytes
      _______________________
      Many thanks to whoever takes the time to look into my (painful) case! A nice site for streaming music: deezer.com BYE!
  14. Thanks for interpreting the report. "mm" for mégamax (according to my "Orange" contract)?! I suppose that if my computer is struggling, it must have caught a few viruses... I was thinking of uninstalling and reinstalling Windows.