

Everything posted by Jakyco
-
Thanos, thanks for everything. I would have been very annoyed to have to reinstall everything.
-
Hello! The PC is working well. Here is the OTMoveIt log file:

Not everything is "successful". I hope it will go away on reboot. Let me know all the same whether I need to redo the OTMoveIt procedure. I will also install the updates. Thanks again. Bye
-
Hello, GMER report:
C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02450000 .text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02450FE5 .text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02450025 .text C:\WINDOWS\Explorer.EXE[1232] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02450036 .text C:\WINDOWS\Explorer.EXE[1232] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01A4000A .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02EC000A .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02EC00A2 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02EC0FA3 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02EC007D .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02EC0FC0 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02EC0051 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02EC00E1 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02EC00C4 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02EC0117 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02EC00FC .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02EC0F63 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02EC006C .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02EC001B .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02EC00B3 .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02EC0FE5 .text 
C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02EC002C .text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02EC0F7E .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02BA0036 .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02BA0065 .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02BA0FE5 .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02BA0011 .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02BA0FA8 .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02BA0000 .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02BA0FB9 .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [DA, 8A] .text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02BA0FCA .text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0251005D .text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!system 77C293C7 5 Bytes JMP 0251004C .text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02510016 .text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02510FEF .text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02510031 .text C:\WINDOWS\System32\svchost.exe[1324] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02510FD2 .text C:\WINDOWS\System32\svchost.exe[1324] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02230000 .text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02CB0000 .text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02CB0FE5 .text C:\WINDOWS\System32\svchost.exe[1324] 
WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02CB001B .text C:\WINDOWS\System32\svchost.exe[1324] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02CB002C .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650031 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F46 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F57 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650F68 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650F97 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E54 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650058 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F10 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650EE4 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650EF5 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00650EC9 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650014 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650FD4 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00650F21 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00650FB2 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00650FC3 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00650069 .text 
C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640047 .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00640091 .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0064002C .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0064001B .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00640FCA .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00640000 .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0064006C .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00640FE5 .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FCA .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FDB .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0063003A .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0063000C .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063004B .text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063001D .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C2000A .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20F94 .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20FAF .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20093 .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20076 .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20040 .text 
C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C200BF .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C200AE .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C200FC .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200EB .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C20117 .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C2005B .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C2001B .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C20F83 .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C20FD4 .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C20FEF .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C200D0 .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C10025 .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C1005B .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C10FD4 .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C1000A .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C1004A .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C10FEF .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C10F9E .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [E1, 88] {LOOPZ 0xffffffffffffff8a} .text C:\WINDOWS\system32\svchost.exe[1500] 
ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C10FB9 .text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00FBC .text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00047 .text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C0001B .text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FEF .text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C0002C .text C:\WINDOWS\system32\svchost.exe[1500] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00000 .text C:\WINDOWS\system32\svchost.exe[1500] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FEF .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0000 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB004C .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0F61 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB003B .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0F72 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0F94 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB0093 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0078 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB00C6 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB00B5 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DB00EB .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DB0F83 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileW 
7C8107F0 5 Bytes JMP 00DB0FE5 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DB0067 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DB0FB9 .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DB0FCA .text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DB00A4 .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DA0FAF .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DA0040 .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DA0FD4 .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DA0FE5 .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DA0F79 .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DA000A .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00DA0025 .text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DA0F9E .text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D90FA8 .text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D9003D .text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D90FCD .text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D90FEF .text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D90022 .text C:\WINDOWS\system32\svchost.exe[1524] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D90FDE .text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60FEF .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20FE5 .text 
C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20F72 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20071 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20060 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20039 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20FA8 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D200A7 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D2008C .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D200C9 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20F3A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D20F15 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D20F97 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D20FCA .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D20F61 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D20FB9 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D20000 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D200B8 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D00036 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D00F9E .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D00025 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DD7936 
5 Bytes JMP 00D0000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D00FAF .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D00FEF .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D00FC0 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [F0, 88] .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D00047 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0049 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0FC8 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF0FE3 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF0000 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF0038 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF001D .text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE0000 .text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D1000A .text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D1001B .text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D10FE5 .text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D10036 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B70FEF .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B70F46 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B70F57 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B70F68 .text 
C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B70025 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B70014 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B70F0E .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B70F35 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B7008C .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B70EF3 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B700A7 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B70F83 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B70FDE .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B70056 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B70FA8 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B70FB9 .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B70071 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B60025 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B60F72 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B60FD4 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B60000 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B60F83 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B60FE5 .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 
Bytes JMP 00B60F9E .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [D6, 88] .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B60FB9 .text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B50FBE .text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B50FD9 .text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B5002E .text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B50000 .text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B5003F .text C:\WINDOWS\system32\svchost.exe[1972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B5001D .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50000 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C500DA .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C500BF .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C500A4 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50FDB .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50062 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50101 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50FB9 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50F83 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C50112 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C50F68 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C5007D 
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C50011 .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C50FCA .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C5003D .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C5002C .text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C50F94 .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C40FB2 .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C4004A .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C40FC3 .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C40FD4 .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C40039 .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C40FE5 .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C40F8D .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [E4, 88] {IN AL, 0x88} .text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C40014 .text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30F92 .text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30FB7 .text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30FD2 .text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF .text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C3001D .text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3000C .text 
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2180] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00710FEF .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00710F90 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00710085 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00710FA1 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00710FB2 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00710043 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007100B6 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00710F6E .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007100D8 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007100C7 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007100E9 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00710054 .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0071000A .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00710F7F .text C:\WINDOWS\System32\svchost.exe[3672] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00710FCD .text C:\WINDOWS\System32\svchost.exe[3672] 
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \Fat EDC71D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl (size mismatch) 8192/4096 bytes
---- EOF - GMER 1.0.15 ----

And the ComboFix report (though I had the impression that it was not working):

ComboFix 09-04-01.01 - Administrator 2009-04-05 11:51:12.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.674 [GMT 2:00]
Running from: E:\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

Thanks
-
Hi,

The desktop has been restored. ComboFix did not give me a report the first time and refuses to run now. It starts the little progress bar and then stops. For the two VirusTotal reports, here are the two links.

http://www.virustotal.com/analisis/1d2b34a...546afce0a70c23d
http://www.virustotal.com/analisis/475c52e...2f4555791791293

See you later
-
Good evening,

Here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, April 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, April 06, 2009 18:44:06
Records in database: 2018604
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 96634
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:24:53
File name / Threat name / Threats count
E:\mtimd.zip Infected: Trojan-Downloader.Win32.Small.ddp 1
The selected area was scanned.

Here is the Smitfraud report:

SmitFraudFix v2.406
Scan done at 17:55:17.67, Sun 04/05/2009
Run from C:\Documents and Settings\Moi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
...
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{843246AD-E85D-4D4C-9AEA-26A68B24D8D2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B5AA2CE4-81BF-4347-A760-540ED76B6826}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{843246AD-E85D-4D4C-9AEA-26A68B24D8D2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{843246AD-E85D-4D4C-9AEA-26A68B24D8D2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B5AA2CE4-81BF-4347-A760-540ED76B6826}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{843246AD-E85D-4D4C-9AEA-26A68B24D8D2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B5AA2CE4-81BF-4347-A760-540ED76B6826}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

The ComboFix report never came out. After all these scans, I hope the news will be good, except for the thing on the USB key (drive E), but that is not serious. Thanks again
-
Well, I have to say I was really panicked (on top of that, I am typing on an English keyboard whose e key is broken) and I tried several antivirus programs, some of which took each other for viruses. In the confusion, I ran Malwarebytes, Smitfraud and another one specialised for Vundo, in no particular order and several times in a row for some of them. The MBAM result looks clean, but I am afraid something is left that keeps relaunching itself. Below are the three requested reports.

Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1940
Windows 5.1.2600 Service Pack 3
4/5/2009 9:45:24 PM
mbam-log-2009-04-05 (21-45-24).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 169519
Temps écoulé: 1 hour(s), 2 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Moi at 2009-04-05 22:20:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (49%) free of 69 GB
Total RAM: 1022 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:05, on 4/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\AccSys\accsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\WINDOWS\ehome\ehtray.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program 
Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Moi\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Moi.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=en&client=dell-row&channel=fr&ibd=6070118 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - 
c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - 
C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program 
Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Dell Network Assistant.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? 
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?2abf3f9e998d4388ba8a5366cbe8346f O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?2abf3f9e998d4388ba8a5366cbe8346f O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bw+0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\accsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
-- End of file - 27967 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2007-12-17 56360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-08 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
Tunebite_WebRipPlugin Class - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2008-12-18 144688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-25 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-25 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-25 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-08 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-08 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-25 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-08 136600]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-25 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-08-03 1032192]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"CTSVolFE.exe"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-05-02 184320]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2006-08-14 462336]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-09-07 434176]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-09-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE [2002-03-08 900096]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-09-01 221184]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"fssui"=C:\Program Files\Windows Live\Family Safety\fssui.exe [2007-12-17 243240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-26 32768]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-01-18 196608]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-01 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\WLAN Quick-Starter\WLAN Quick-Starter.exe"="C:\Program Files\WLAN Quick-Starter\WLAN Quick-Starter.exe:*:Enabled:WLAN Quick-Starter 4.5"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"D:\setup\HPZnui01.exe"="D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf30d9b1-88a3-11dc-a2ad-0019b951c30e}]
shell\AutoRun\command - E:\DTE_Privacy_launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c408c642-cc24-11dd-a57a-0019b951c30e}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8766aca-985c-11dd-a4f3-0019b951c30e}]
shell\AutoRun\command - E:\DTE_Privacy_launcher.exe

======List of files/folders created in the last 1 months======
2009-04-05 22:20:39 ----D---- C:\rsit
2009-04-05 18:02:49 ----SHD---- C:\RECYCLER
2009-04-05 11:53:17 ----A---- C:\WINDOWS\PSEXESVC.EXE
2009-04-05 11:49:12 ----A---- C:\WINDOWS\zip.exe
2009-04-05 11:49:12 ----A---- C:\WINDOWS\VFIND.exe
2009-04-05 11:49:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-05 11:49:12 ----A---- C:\WINDOWS\SWSC.exe
2009-04-05 11:49:12 ----A---- C:\WINDOWS\SWREG.exe
2009-04-05 11:49:12 ----A---- C:\WINDOWS\sed.exe
2009-04-05 11:49:12 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-05 11:49:12 ----A---- C:\WINDOWS\grep.exe
2009-04-05 11:49:12 ----A---- C:\WINDOWS\fdsv.exe
2009-04-05 11:49:08 ----D---- C:\WINDOWS\ERDNT
2009-04-05 11:49:08 ----D---- C:\ComboFix
2009-04-05 11:49:07 ----A---- C:\WINDOWS\system32\CF8168.exe
2009-04-05 11:39:12 ----A---- C:\WINDOWS\system32\tmp.txt
2009-04-05 11:39:00 ----A---- C:\rapport.txt
2009-04-05 10:55:29 ----D---- C:\Program Files\Enigma Software Group
2009-04-05 10:23:49 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-04 21:10:35 ----D---- C:\Program Files\Trend Micro
2009-04-04 20:17:07 ----D---- C:\Qoobox
2009-04-04 12:09:30 ----D---- C:\VundoFix Backups
2009-04-04 12:09:30 ----A---- C:\VundoFix.txt
2009-04-04 00:21:16 ----A---- C:\FindyKill.txt
2009-04-04 00:01:45 ----D---- C:\Program Files\CCleaner
2009-04-03 22:53:51 ----D---- C:\Documents and Settings\Moi\Application Data\Malwarebytes
2009-04-03 22:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-03 22:21:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-16 09:31:41 ----D---- C:\Documents and Settings\Moi\Application Data\McAfee
2009-03-15 16:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-15 16:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-15 16:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-15 16:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-11 12:27:58 ----A---- C:\hpm.exe
2009-03-11 09:11:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-11 09:11:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======
2009-04-05 22:20:43 ----D---- C:\WINDOWS\Temp
2009-04-05 22:20:40 ----D---- C:\WINDOWS\Prefetch
2009-04-05 22:01:14 ----D---- C:\WINDOWS
2009-04-05 22:00:34 ----D---- C:\MDT
2009-04-05 22:00:20 ----D---- C:\WINDOWS\Registration
2009-04-05 21:59:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-05 21:59:38 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-04-05 21:58:56 ----D---- C:\WINDOWS\system32
2009-04-05 21:46:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-05 18:03:45 ----D---- C:\WINDOWS\Debug
2009-04-05 16:56:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-05 16:09:21 ----D---- C:\Documents and Settings\Moi\Application Data\skypePM
2009-04-05 11:56:57 ----D---- C:\WINDOWS\system32\drivers
2009-04-05 11:55:29 ----D---- C:\WINDOWS\system32\config
2009-04-05 11:52:22 ----D---- C:\WINDOWS\AppPatch
2009-04-05 11:52:19 ----D---- C:\Program Files\Common Files
2009-04-05 10:55:29 ----RD---- C:\Program Files
2009-04-05 10:31:39 ----HD---- C:\WINDOWS\inf
2009-04-04 00:28:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-04 00:24:25 ----D---- C:\Program Files\McAfee
2009-04-04 00:10:48 ----D---- C:\WINDOWS\Minidump
2009-03-30 18:36:53 ----SHD---- C:\WINDOWS\CSC
2009-03-26 20:33:18 ----D---- C:\Documents and Settings\Moi\Application Data\Skype
2009-03-24 10:38:16 ----D---- C:\WINDOWS\network diagnostic
2009-03-20 19:01:29 ----D---- C:\WINDOWS\system32\Restore
2009-03-20 12:50:59 ----SHD---- C:\System Volume Information
2009-03-20 08:41:30 ----HD---- C:\Config.Msi
2009-03-19 19:21:53 ----SHD---- C:\WINDOWS\Installer
2009-03-19 10:48:04 ----D---- C:\WINDOWS\system32\dllcache
2009-03-16 11:53:10 ----A---- C:\WINDOWS\wininit.ini
2009-03-15 16:17:12 ----D---- C:\WINDOWS\WinSxS
2009-03-11 08:57:23 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-01-29 5632]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-01-18 21275]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-25 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-25 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-11-04 43552]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-09-01 14080]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-09-01 22528]
S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-09-01 1081856]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; 
C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792] S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 accsvc;AccSys WiFi Component; C:\Program 
Files\Common Files\AccSys\accsvc.exe [2006-01-11 147456] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753] R2 fsssvc;Windows Live OneCare Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816] R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-08-27 111912] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-08 152984] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-03-08 300544] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-09-01 81920] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976] R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program 
Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864] R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745] R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-25 137200] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-04-05 
22:21:08 ======Uninstall list====== -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ATI Catalyst Control Center-->MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Conexant HDA D110 MDC V.92 Modem-->C:\Program 
Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A} Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645} Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" DeepBurner v1.9.0.228-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log" -u Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716} Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413} Dictionnaire Le Littré 1.0-->"C:\Program Files\Dictionnaire Le Littré\unins000.exe" Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel docXConverter 3.1.1-->"C:\Program Files\docXConverter3\unins000.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG FindyKill-->E:\FindyKill\Uninstal.exe GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe" GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 
(KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7} HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB} HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3} Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29} Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Jeune Styliste 2-->MsiExec.exe /I{6F08069F-FB2C-42F4-91B1-4003E07B03F8} Lexmark Supplies Monitor-->C:\WINDOWS\system32\LXSMUNIN.EXE Lexmark Z23-Z33-->C:\WINDOWS\system32\spool\drivers\w32x86\3\lxaiUN5C.EXE -dLexmark Z23-Z33 Logitech Camera Driver-->"C:\Program Files\Common 
Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l0409 Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}\setup.exe" -l0x9 Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National 
Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mXML-->MsiExec.exe 
/I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7} OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe" OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56} PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8} QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4 QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update 
for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" 
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D} Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 /remove Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962} Tunebite-->MsiExec.exe /I{089152E5-F9B6-4D84-8825-5F5395A17D41} Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 
2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll" Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live OneCare Family Safety-->MsiExec.exe /X{3403CB31-D7C1-43F4-9D2F-579758C0CF09} Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE} Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00} Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D} Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 
KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WLAN Quick-Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E40268F4-7E9F-4E07-B773-7FF64971F42E}\setup.exe" -l0x7 =====HijackThis Backups===== O4 - HKUS\S-1-5-20\..\Run: [rahufetubo] Rundll32.exe "C:\WINDOWS\system32\mozuvagi.dll",s (User 'NETWORK SERVICE') [2009-04-04] ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: McAfee VirusScan FW: McAfee Personal Firewall ======System event log====== Computer Name: DJV63Q2J Event Code: 10005 Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Record Number: 51943 Source Name: DCOM Time Written: 20090311114919.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: DJV63Q2J Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip WS2IFSL Record Number: 51942 Source Name: Service Control Manager Time Written: 20090311114859.000000+060 Event Type: error User: Computer Name: DJV63Q2J Event Code: 7001 Message: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 
Record Number: 51941 Source Name: Service Control Manager Time Written: 20090311114859.000000+060 Event Type: error User: Computer Name: DJV63Q2J Event Code: 7001 Message: The Windows Live OneCare Family Safety service depends on the fssfltr service which failed to start because of the following error: The dependency service or group failed to start. Record Number: 51940 Source Name: Service Control Manager Time Written: 20090311114859.000000+060 Event Type: error User: Computer Name: DJV63Q2J Event Code: 7001 Message: The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start. Record Number: 51939 Source Name: Service Control Manager Time Written: 20090311114859.000000+060 Event Type: error User: =====Application event log===== Computer Name: DJV63Q2J Event Code: 1002 Message: Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 37540 Source Name: Application Hang Time Written: 20090207181053.000000+060 Event Type: error User: Computer Name: DJV63Q2J Event Code: 1517 Message: Windows saved user DJV63Q2J\Moi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 
Record Number: 37531 Source Name: Userenv Time Written: 20090207171100.000000+060 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: DJV63Q2J Event Code: 12001 Message: Record Number: 37514 Source Name: usnjsvc Time Written: 20090207121930.000000+060 Event Type: User: Computer Name: DJV63Q2J Event Code: 12001 Message: Record Number: 37499 Source Name: usnjsvc Time Written: 20090206094247.000000+060 Event Type: User: Computer Name: DJV63Q2J Event Code: 1002 Message: Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Record Number: 37482 Source Name: Application Hang Time Written: 20090205193448.000000+060 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3 "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip -----------------EOF-----------------
My desktop has changed appearance again, and I am afraid that some piece of junk is still lurking somewhere and regenerating the infection. Thanks in advance for advising me on the right method.
-
Hello, I have been fighting Vundo and Zlob for days and I thought I was done with them, but there are still some oddities. Could you please look at this HijackThis report and tell me whether I am fighting ghosts? Thanks in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:57:54 PM, on 4/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\AccSys\accsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program
Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Windows Live\Family Safety\fssui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig/dell?hl=en&cli...amp;ibd=6070118 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=en&client=dell-row&channel=fr&ibd=6070118 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll O2 - BHO: 
Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] 
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Dell Network Assistant.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?2abf3f9e998d4388ba8a5366cbe8346f O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?2abf3f9e998d4388ba8a5366cbe8346f O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: bw+0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {F0507800-6BF6-4F98-9007-E13B0FC03402} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - 
Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Program Files\Common Files\AccSys\accsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. 
- C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 28607 bytes