Everything posted by Tsarinka

  1. Here is the SysProt analysis...
  2. "I can now get onto the computer from the 2nd operating system" Sorry... I meant: I can get onto the internet from the 2nd operating system!
  3. Hello, here is the WhoCrashed analysis...

     Analysis
     --------------------------------------------------------------------------------
     Crash dump directory: C:\WINDOWS\Minidump
     Crash dumps are enabled on your computer.

     On Mon 02.02.2009 15:33:04 your computer crashed
     This was likely caused by the following module: nv4_disp.dll
     Bugcheck code: 0xEA (0x89C2FAA0, 0x8999CD80, 0x89B7B008, 0x1)
     Error: THREAD_STUCK_IN_DEVICE_DRIVER
     Dump file: C:\WINDOWS\Minidump\Mini020209-01.dmp
     file path: C:\WINDOWS\system32\nv4_disp.dll
     product: NVIDIA Compatible Windows 2000 Display driver, Version 158.28
     company: NVIDIA Corporation
     description: NVIDIA Compatible Windows 2000 Display driver, Version 158.28

     On Wed 14.11.2007 17:40:57 your computer crashed
     This was likely caused by the following module: mfehidk.sys
     Bugcheck code: 0x1000000A (0x0, 0x1C, 0x1, 0x804F8A8C)
     Error: Unknown
     Dump file: C:\WINDOWS\Minidump\Mini111407-01.dmp
     file path: C:\WINDOWS\system32\drivers\mfehidk.sys
     product: SYSCORE.14.0.0.351.x86
     company: McAfee, Inc.
     description: Host Intrusion Detection Link Driver

     --------------------------------------------------------------------------------
     Conclusion
     --------------------------------------------------------------------------------
     2 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

     ///////////////////////////////////////

     And here is the RootRepeal one.....
     Here are a few more details, because two of us use this computer and I did not have all the information at hand. Here they are: When we ran into problems/viruses with the computer, the decision was made to format everything.... This computer has 2 hard drives with 2 operating systems; the 1st operating system contains the virus and the 2nd hard drive is an old backup. The 2nd system works, but I would like to recover the data from the 1st. If I go through the 2nd operating system to get the data from the 1st, I cannot: "access denied, is not accessible". (because of the virus?) I tried changing settings in the control panel of system 1, but it crashes. Ideally I would recover the data and reformat the computer. I can now get onto the computer from the 2nd operating system. I look forward to hearing from you, and thank you again for your valuable help.
  4. Hello, For GMER, there is "etc." because the file is too large and it crashes if I try to post it on Zebulon... Are there lines containing Hidden? Yes, for example:

     Adobe Contribute CS4\Configuration\Shared\Google\FreeSearch\Help\wf_hiddenfs.htm
     Adobe Dreamweaver CS4\configuration\Content\Reference\JavaScript\hidden.html
     Adobe Dreamweaver CS4\configuration\Content\Reference\JavaScript\InputTypeHidden.html
     Adobe Dreamweaver CS4\configuration\ExtensionData\MM\Live Objects\Record Edit Form\editOps_hiddenField.xml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\Inspectors\Img\input_hidden.gif
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\Objects\CFForm\CFHiddenField.htm
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\Objects\Forms\Hidden Field.htm
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ASP_Js\deleteRecord_hiddenEdit.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ASP_Js\editOps_hiddenRecordId.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ASP_Js\insertRecord_hiddenEdit.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ASP_Js\updateRecord_hiddenEdit.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ASP_Vbs\deleteRecord_hiddenEdit.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ASP_Vbs\editOps_hiddenRecordId.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ASP_Vbs\insertRecord_hiddenEdit.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ASP_Vbs\updateRecord_hiddenEdit.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\ColdFusion\InsertRecord_hidden.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\PHP_MySQL\InsertRecord_hidden.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\ServerBehaviors\PHP_MySQL\UpdateRecord_hidden.edml
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\configuration\Toolbars\images\MM\T_HiddenChar_Sm_N.png
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\fr_CA\Configuration\Content\Reference\JavaScript\hidden.html
     D:\Program Files\Adobe\Adobe Dreamweaver CS4\fr_CA\Configuration\Content\Reference\JavaScript\InputTypeHidden.html
     D:\Program Files\Adobe\Adobe Encore CS4\Required\HiddenButton.png

     Thank you for your reply, and also for your patience... I'm getting to work on WhoCrashed and the rest... See you later
  5. So, I ran the GMER scan... and made a copy. However, I think I made a big blunder: I closed the program instead of leaving it open. And just now, the screen turned blue and shows me this: STOP : d0000144 unknown Hard Error Unknown Hard Error What is happening and what should I do?????? As for the scan, nothing in red, but many lines of text. Could you take a look, please?
msvcrt.dll!_open 77BFF566 5 Bytes JMP 00E00FE3 .text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00E00FB7 .text C:\WINDOWS\system32\svchost.exe[1444] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00E00FD2 .text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00DF000A .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A90FEF .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A90073 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A90058 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A90F8A .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A90047 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A90FAF .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A90F37 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A90F48 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A90F01 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A90F1C .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A900B5 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A90036 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A90000 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A90F59 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A90FC0 .text C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A9001B .text C:\WINDOWS\system32\svchost.exe[1516] 
kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A9009A .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00A80047 .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00A8007D .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00A8002C .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00A8001B .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 5 Bytes JMP 00A80FC0 .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 5 Bytes JMP 00A80000 .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 5 Bytes JMP 00A80058 .text C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 5 Bytes JMP 00A80FD1 .text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00A70FD4 .text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00A70055 .text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00A70044 .text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00A7000C .text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00A70FE5 .text C:\WINDOWS\system32\svchost.exe[1516] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00A70029 .text C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00A6000A .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 024F0000 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 024F0F30 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 024F0F41 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 024F0F5C .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryExA 7C801D4F 5 
Bytes JMP 024F0F79 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 024F0FB9 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 024F004A .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 024F0F02 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 024F0EC2 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 024F0ED3 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 024F0076 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 024F0F9E .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 024F0FE5 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 024F0F1F .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 024F001B .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 024F0FD4 .text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 024F005B .text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 022F0FCA .text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 022F0F97 .text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 022F001B .text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 022F0FE5 .text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 5 Bytes JMP 022F0FA8 .text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 5 Bytes JMP 022F0000 .text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 2 Bytes JMP 022F0FB9 .text C:\WINDOWS\System32\svchost.exe[1624] 
ADVAPI32.dll!RegCreateKeyW + 3 77DCBA40 2 Bytes [52, 8A] .text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 5 Bytes JMP 022F0040 .text C:\WINDOWS\System32\svchost.exe[1624] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 022E0FAB .text C:\WINDOWS\System32\svchost.exe[1624] msvcrt.dll!system 77BF93C7 5 Bytes JMP 022E0036 .text C:\WINDOWS\System32\svchost.exe[1624] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 022E0FC6 .text C:\WINDOWS\System32\svchost.exe[1624] msvcrt.dll!_open 77BFF566 5 Bytes JMP 022E0000 .text C:\WINDOWS\System32\svchost.exe[1624] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 022E001B .text C:\WINDOWS\System32\svchost.exe[1624] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 022E0FD7 .text C:\WINDOWS\System32\svchost.exe[1624] WS2_32.dll!socket 719F3B91 5 Bytes JMP 022C0FE5 .text C:\WINDOWS\System32\svchost.exe[1624] WININET.dll!InternetOpenW 77AAAF6D 5 Bytes JMP 022D0FCA .text C:\WINDOWS\System32\svchost.exe[1624] WININET.dll!InternetOpenA 77AB57BE 5 Bytes JMP 022D0FEF .text C:\WINDOWS\System32\svchost.exe[1624] WININET.dll!InternetOpenUrlA 77AB5A8A 5 Bytes JMP 022D0FB9 .text C:\WINDOWS\System32\svchost.exe[1624] WININET.dll!InternetOpenUrlW 77AC5C0F 5 Bytes JMP 022D0FA8 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00740000 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007400AB .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00740090 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00740073 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00740FC0 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0074003D .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00740F74 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetStartupInfoA 
7C801EEE 5 Bytes JMP 007400BC .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00740F45 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007400E8 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00740F34 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00740062 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00740011 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00740F91 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00740022 .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00740FDB .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007400CD .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00730FC0 .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00730047 .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00730FDB .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00730011 .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 5 Bytes JMP 00730F8A .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 5 Bytes JMP 00730000 .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 2 Bytes JMP 00730FA5 .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA40 2 Bytes [96, 88] .text C:\WINDOWS\system32\svchost.exe[1668] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 5 Bytes JMP 00730022 .text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 0072005F .text C:\WINDOWS\system32\svchost.exe[1668] 
msvcrt.dll!system 77BF93C7 5 Bytes JMP 00720044 .text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00720029 .text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00720FEF .text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00720FD4 .text C:\WINDOWS\system32\svchost.exe[1668] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00720018 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EC0000 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EC0F63 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EC0058 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EC0047 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EC0F8A .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EC0FCA .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EC00AB .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EC008E .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EC00D7 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EC00C6 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00EC0F23 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00EC0FAF .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00EC001B .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00EC007D .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!CreateNamedPipeW 
7C82F0EF 5 Bytes JMP 00EC0036 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00EC0FE5 .text C:\Program Files\Messenger\msmsgs.exe[1700] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00EC0F48 .text C:\Program Files\Messenger\msmsgs.exe[1700] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00EA0055 .text C:\Program Files\Messenger\msmsgs.exe[1700] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00EA0FCA .text C:\Program Files\Messenger\msmsgs.exe[1700] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00EA0029 .text C:\Program Files\Messenger\msmsgs.exe[1700] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00EA0000 .text C:\Program Files\Messenger\msmsgs.exe[1700] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00EA003A .text C:\Program Files\Messenger\msmsgs.exe[1700] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00EA0FEF .text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00EB0FC0 .text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00EB0062 .text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00EB0011 .text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00EB0FDB .text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 5 Bytes JMP 00EB0FA5 .text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 5 Bytes JMP 00EB0000 .text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 5 Bytes JMP 00EB0051 .text C:\Program Files\Messenger\msmsgs.exe[1700] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 5 Bytes JMP 00EB002C .text C:\Program Files\Messenger\msmsgs.exe[1700] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00D40FEF .text C:\Program Files\Messenger\msmsgs.exe[1700] WININET.dll!InternetOpenW 77AAAF6D 5 Bytes JMP 00E90011 .text C:\Program Files\Messenger\msmsgs.exe[1700] WININET.dll!InternetOpenA 77AB57BE 5 Bytes JMP 00E90000 
.text C:\Program Files\Messenger\msmsgs.exe[1700] WININET.dll!InternetOpenUrlA 77AB5A8A 5 Bytes JMP 00E90FDB .text C:\Program Files\Messenger\msmsgs.exe[1700] WININET.dll!InternetOpenUrlW 77AC5C0F 5 Bytes JMP 00E90038 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A0000 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A0F5E .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A0F6F .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A0F80 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A003D .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A0022 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A0F0B .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A0F26 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A007F .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A0EE6 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008A0090 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008A0F9B .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008A0FDB .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 008A0F43 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 008A0FB6 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 008A0011 .text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008A006E .text C:\WINDOWS\system32\svchost.exe[1792] 
ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00890FC3 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00890065 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00890FD4 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 0089000A .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 5 Bytes JMP 00890054 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 5 Bytes JMP 00890FEF .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 5 Bytes JMP 00890039 .text C:\WINDOWS\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 5 Bytes JMP 00890FB2 .text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00880FCF .text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!system 77BF93C7 5 Bytes JMP 0088005A .text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00880038 .text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00880000 .text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00880049 .text C:\WINDOWS\system32\svchost.exe[1792] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0088001D .text C:\WINDOWS\system32\svchost.exe[1792] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00870000 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A70FEF .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A70F1C .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A70F2D .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A70F54 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A70F65 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryA 7C801D77 5 
Bytes JMP 00A70F94 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A70EFA .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A70042 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A70ED5 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A7006E .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00A70093 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00A70011 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00A70FD4 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 00A70F0B .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 00A70000 .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 00A70FAF .text C:\WINDOWS\system32\svchost.exe[1904] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00A70053 .text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00A60025 .text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00A60F9E .text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00A60FD4 .text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00A60FEF .text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 5 Bytes JMP 00A6005B .text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 5 Bytes JMP 00A60000 .text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 2 Bytes JMP 00A60FB9 .text C:\WINDOWS\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA40 2 Bytes [C9, 88] .text C:\WINDOWS\system32\svchost.exe[1904] 
ADVAPI32.dll!RegCreateKeyA 77DCBCDB 5 Bytes JMP 00A60040 .text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00A50064 .text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00A50049 .text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00A5001D .text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00A50FE3 .text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00A50038 .text C:\WINDOWS\system32\svchost.exe[1904] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00A50000 .text C:\WINDOWS\system32\svchost.exe[1904] WS2_32.dll!socket 719F3B91 5 Bytes JMP 00A40FE5 .text c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe[2404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe[2404] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) 
.text C:\WINDOWS\explorer.exe[4544] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F9E .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0093 .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0FB9 .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0076 .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A004A .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F52 .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F6D .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F1F .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F30 .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001A0F0E .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001A005B .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001A000A .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001A00A4 .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001A0FDE .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001A0025 .text C:\WINDOWS\explorer.exe[4544] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001A0F41 .text C:\WINDOWS\explorer.exe[4544] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00280FE5 .text C:\WINDOWS\explorer.exe[4544] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00280087 .text C:\WINDOWS\explorer.exe[4544] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00280036 .text C:\WINDOWS\explorer.exe[4544] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 0028001B .text C:\WINDOWS\explorer.exe[4544] 
ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 5 Bytes JMP 0028006C .text C:\WINDOWS\explorer.exe[4544] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 5 Bytes JMP 00280000 .text C:\WINDOWS\explorer.exe[4544] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 5 Bytes JMP 00280051 .text C:\WINDOWS\explorer.exe[4544] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 5 Bytes JMP 00280FCA .text C:\WINDOWS\explorer.exe[4544] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00290042 .text C:\WINDOWS\explorer.exe[4544] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00290FB7 .text C:\WINDOWS\explorer.exe[4544] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00290FE3 .text C:\WINDOWS\explorer.exe[4544] msvcrt.dll!_open 77BFF566 5 Bytes JMP 0029000C .text C:\WINDOWS\explorer.exe[4544] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00290FC8 .text C:\WINDOWS\explorer.exe[4544] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0029001D .text C:\WINDOWS\explorer.exe[4544] WININET.dll!InternetOpenW 77AAAF6D 5 Bytes JMP 002B0FDE .text C:\WINDOWS\explorer.exe[4544] WININET.dll!InternetOpenA 77AB57BE 5 Bytes JMP 002B0FEF .text C:\WINDOWS\explorer.exe[4544] WININET.dll!InternetOpenUrlA 77AB5A8A 5 Bytes JMP 002B0FC3 .text C:\WINDOWS\explorer.exe[4544] WININET.dll!InternetOpenUrlW 77AC5C0F 5 Bytes JMP 002B0016 .text C:\WINDOWS\explorer.exe[4544] WS2_32.dll!socket 719F3B91 5 Bytes JMP 01450FEF .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0000 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F69 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0054 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0F7A .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0039 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FB2 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes 
JMP 001B0F3B .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0083 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0F05 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B009E .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 001B0EF4 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 001B0FA1 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 001B0FE5 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!CreatePipe 7C81E0D7 5 Bytes JMP 001B0F58 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!CreateNamedPipeW 7C82F0EF 5 Bytes JMP 001B0FC3 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!CreateNamedPipeA 7C85FE94 5 Bytes JMP 001B0FD4 .text C:\WINDOWS\system32\wuauclt.exe[5824] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 001B0F2A .text C:\WINDOWS\system32\wuauclt.exe[5824] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00290FC8 .text C:\WINDOWS\system32\wuauclt.exe[5824] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00290049 .text C:\WINDOWS\system32\wuauclt.exe[5824] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 0029002E .text C:\WINDOWS\system32\wuauclt.exe[5824] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00290000 .text C:\WINDOWS\system32\wuauclt.exe[5824] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00290FD9 .text C:\WINDOWS\system32\wuauclt.exe[5824] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00290011 .text C:\WINDOWS\system32\wuauclt.exe[5824] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 002A0036 .text C:\WINDOWS\system32\wuauclt.exe[5824] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 002A0F94 .text C:\WINDOWS\system32\wuauclt.exe[5824] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 002A001B .text C:\WINDOWS\system32\wuauclt.exe[5824] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 002A000A .text 
C:\WINDOWS\system32\wuauclt.exe[5824] ADVAPI32.dll!RegCreateKeyExA 77DAE9D4 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\system32\wuauclt.exe[5824] ADVAPI32.dll!RegOpenKeyA 77DAEFA8 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\wuauclt.exe[5824] ADVAPI32.dll!RegCreateKeyW 77DCBA3D 5 Bytes JMP 002A005B
.text C:\WINDOWS\system32\wuauclt.exe[5824] ADVAPI32.dll!RegCreateKeyA 77DCBCDB 5 Bytes JMP 002A0FCA

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device ACPI.sys (Pilote ACPI pour NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\ShellExplorer\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 67240705
Reg HKLM\SYSTEM\ControlSet003\Control\ShellExplorer\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 67240705
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Behaviors\Events\4.0 et ultÃ\x2026Â\xbdrieurs.htm 1

---- Files - GMER 1.0.15 ----

File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\DL.htm 1028 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Abbr.gif 91 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Abbr.htm 1409 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Abbr.js 1783 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Acronym.gif 119 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Acronym.htm 1412 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Acronym.js 1786 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Blockquote.gif 109 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Blockquote.htm 1061 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Bold.gif 86 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Bold.htm 1988 bytes
File D:\Program Files\Adobe\Adobe Contribute CS4\Configuration\Objects\Text\Comment.gif

etc, etc....
  6. OK... since I still don't have internet access, I put GMER on a USB stick to copy it onto the desktop of the infected computer... is that still OK?
  7. Hello, thank you very much for your reply! So I ran an Avira antivirus scan and also an Anti-Malware scan; here are the reports. Could you tell me what I should do now? Thanks again for your help.

     Avira AntiVir Personal
     Date de création du fichier de rapport : mardi, 4. mai 2010 12:04
     La recherche porte sur 1265407 souches de virus.
     Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
     Numéro de série : 0000149996-ADJIE-0000001
     Plateforme : Windows XP
     Version de Windows : (Service Pack 3) [5.1.2600]
     Mode Boot : Mode sans échec
     Identifiant : Administrateur
     Nom de l'ordinateur : CASA-EF33C257E5

     Configuration pour la recherche actuelle :
     Nom de la tâche...............................: Contrôle intégral du système
     Fichier de configuration......................: D:\Program Files\Avira\AntiVir Desktop\sysscan.avp
     Documentation.................................: bas
     Action principale.............................: interactif
     Action secondaire.............................: ignorer
     Recherche sur les secteurs d'amorçage maître..: marche
     Recherche sur les secteurs d'amorçage.........: marche
     Secteurs d'amorçage...........................: C:, D:,
     Recherche dans les programmes actifs..........: marche
     Recherche en cours sur l'enregistrement.......: marche
     Recherche de Rootkits.........................: marche
     Contrôle d'intégrité de fichiers système......: arrêt
     Fichier mode de recherche.....................: Tous les fichiers
     Recherche sur les archives....................: marche
     Limiter la profondeur de récursivité..........: 20
     Archive Smart Extensions......................: marche
     Heuristique de macrovirus.....................: marche
     Heuristique fichier...........................: moyen

     Début de la recherche : mardi, 4. mai 2010 12:04
     La recherche d'objets cachés commence.
     Impossible d'initialiser le pilote.
     ///////////////////////////////////////////////////////

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Version de la base de données: 4052
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180
     05.05.2010 13:18:44
     mbam-log-2010-05-05 (13-18-44).txt

     Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
     Elément(s) analysé(s): 560377
     Temps écoulé: 21 heure(s), 27 minute(s), 47 seconde(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 2
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 2

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     C:\Program Files\Adobe\Illustrator CS Version d'évaluation\Modules\Filtres Photoshop\Accentuation.8bf (Trojan.Spambot) -> Quarantined and deleted successfully.
     D:\Documents and Settings\Bibi\Mes documents\LOGICIELS\ADOBE CS4 Master -OK\MAZUKi\adobe-master-cs4pre-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
  8. Hello, So here goes... I am of course writing to you from another computer... I have a big problem: I no longer have internet access and I can no longer copy or paste my folders. So no backup of my work is possible, because this is my work computer... I generated a report with ZHP Diag, but I am unable to read it! I would be very grateful if you could give me a hand. Here is the report in question:

     ---\\ Web Browser
     MSIE: Internet Explorer v6.0.2900.2180
     MFIE: Mozilla Firefox (3.6)

     ---\\ System Information
     Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
     Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
     Operating System: 32 Bits
     Boot mode: Normal (Normal boot)
     Total RAM: 2046.1 MB (66% free)
     System drive C: has 115 GB (39%) free of 295 GB

     ---\\ Logged in mode
     Computer Name: DB8FC83J
     User Name: Regine
     Unselected Option: O1,O45,O61,O65
     Logged in as Administrator

     ---\\ DOS/Devices
     C:\ Hard drive, Flash drive, Thumb drive (Free 115 Go of 295 Go)
     D:\ Hard drive, Flash drive, Thumb drive (Free 194 Go of 295 Go)
     E:\ CD-ROM drive (Not Inserted)
     F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
     G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
     H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
     I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
     J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

     ---\\ Security Center & Tools Informations
     [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
     [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified
     [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified
     [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
     [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
     [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
     [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
     [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
     [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
     [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
     [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
     [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
     [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
     [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
     [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
-- C:\WINDOWS\system32\drivers\aliide.sys O58 - SDL:[MD5.675C16A3C1F8482F85EE4A97FC0DDE3D] - 04.08.2004 - 00:07:44 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS O58 - SDL:[MD5.C2C6BF17393AE131C76EE348ED5FF84F] - 24.01.2010 - 23:43:29 ---A- . (.SlySoft, Inc. - AnyDVD Filter Driver.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys O58 - SDL:[MD5.62D318E9A0C8FC9B780008E724283707] - 17.08.2001 - 22:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) -- C:\WINDOWS\system32\drivers\asc.sys O58 - SDL:[MD5.5D8DE112AA0254B907861E9E9C31D597] - 17.08.2001 - 22:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\drivers\asc3550.sys O58 - SDL:[MD5.F76CB7259AA575CC53F3996BC6B68C18] - 14.11.2007 - 14:18:00 ---A- . (.Macrovision Europe Ltd - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS O58 - SDL:[MD5.BF79E659C506674C0497CC9C61F1A165] - 24.07.2006 - 04:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys O58 - SDL:[MD5.2C41CD49D82D5FD85C72D57B6CA25471] - 24.07.2006 - 04:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\drivers\cdralw2k.sys O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05.08.2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys O58 - SDL:[MD5.E3726AD522D0BDAE090671048C991AB3] - 23.08.2001 - 18:04:44 ---A- . (.CMD Technology, Inc. - Pilote de bus PCI IDE CMD.) -- C:\WINDOWS\system32\drivers\cmdide.sys O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05.08.2004 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys O58 - SDL:[MD5.E550E7418984B65A78299D248F0A7F36] - 17.08.2001 - 22:52:16 ---A- . 
(.Mylex Corporation - Mylex Disk Array Controller Driver.) -- C:\WINDOWS\system32\drivers\dac2w2k.sys O58 - SDL:[MD5.76167B5EB2DFFC729EDC36386876B40B] - 11.08.2006 - 11:35:18 ---A- . (.Roxio - Shared Driver Component.) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS O58 - SDL:[MD5.91886FED52A3F9966207BCE46CFD794F] - 11.08.2006 - 11:35:16 ---A- . (.Roxio - Shared Driver Component.) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS O58 - SDL:[MD5.C00440385CF9F3D142917C63F989E244] - 21.07.2006 - 12:21:26 ---A- . (.Sonic Solutions - Device Driver.) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS O58 - SDL:[MD5.6E6AB29D3C06E64CE81FEACDA85394B5] - 11.08.2006 - 12:05:58 ---A- . (.Roxio - Device Driver Manager.) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS O58 - SDL:[MD5.DFEABB7CFFFADEA4A912AB95BDC3177A] - 25.02.2007 - 13:10:48 -S-A- . (.Gteko Ltd. - GUniDriver.) -- C:\WINDOWS\system32\drivers\dsunidrv.sys O58 - SDL:[MD5.1961F8B618E3C20DF54C146B294EFD2A] - 23.08.2001 - 18:12:50 ---A- . (.Intel Corporation - Pilote NDIS 5.) -- C:\WINDOWS\system32\drivers\e100b325.sys O58 - SDL:[MD5.34AAA3B298A852B3663E6E0D94D12945] - 20.07.2007 - 23:10:10 ---A- . (.Intel Corporation - Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver.) -- C:\WINDOWS\system32\drivers\e1e5132.sys O58 - SDL:[MD5.309AC30471A0F1C3A89DEE1C81230576] - 01.01.2010 - 18:20:34 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys O58 - SDL:[MD5.4AC51459805264AFFD5F6FDFB9D9235F] - 31.07.2007 - 17:09:44 ---A- . (.GEAR Software Inc. - CD/DVD Class Filter Driver.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys O58 - SDL:[MD5.086BD3C02ED41BD26E6BB2E74179AE0E] - 04.05.2006 - 15:53:44 ---A- . (.Walter Oney Software - Generic WDM Support Driver.) -- C:\WINDOWS\system32\drivers\grmngen.sys O58 - SDL:[MD5.CD007D03A9284BFE67D49C01213132BF] - 04.05.2006 - 15:53:44 ---A- . (.GARMIN Corp. - grmnusb.sys.) 
-- C:\WINDOWS\system32\drivers\grmnusb.sys O58 - SDL:[MD5.997E8F5939F2D12CD9F2E6B395724C16] - 19.07.2007 - 19:26:24 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\WINDOWS\system32\drivers\iastor.sys O58 - SDL:[MD5.28423512370705AEDA6A652FEDB25468] - 16.07.2007 - 20:45:26 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\igxpmp32.sys O58 - SDL:[MD5.BAFDD5E28BAEA99D7F4772AF2F5EC7EE] - 16.09.2009 - 09:22:48 ---A- . (.McAfee, Inc. - Anti-Virus File System Filter Driver.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys O58 - SDL:[MD5.1D003E3056A43D881597D6763E83B943] - 16.09.2009 - 09:22:48 ---A- . (.McAfee, Inc. - Buffer Overflow Protection Driver.) -- C:\WINDOWS\system32\drivers\mfebopk.sys O58 - SDL:[MD5.3F138A1C8A0659F329F242D1E389B2CF] - 16.09.2009 - 09:22:48 ---A- . (.McAfee, Inc. - Host Intrusion Detection Link Driver.) -- C:\WINDOWS\system32\drivers\mfehidk.sys O58 - SDL:[MD5.41FE2F288E05A6C8AB85DD56770FFBAD] - 16.09.2009 - 09:22:14 ---A- . (.McAfee, Inc. - VSCore Code Analysis Driver.) -- C:\WINDOWS\system32\drivers\mferkdk.sys O58 - SDL:[MD5.096B52EA918AA909BA5903D79E129005] - 16.09.2009 - 09:22:48 ---A- . (.McAfee, Inc. - System Monitor Filter Driver.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys O58 - SDL:[MD5.136157E79849B9E5316BA4008D6075A8] - 16.07.2009 - 11:32:26 ---A- . (.McAfee, Inc. - McAfee Personal Firewall Plus Driver.) -- C:\WINDOWS\system32\drivers\Mpfp.sys O58 - SDL:[MD5.3F4BB95E5A44F3BE34824E8E7CAF0737] - 17.08.2001 - 22:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\drivers\mraid35x.sys O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 05.08.2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys O58 - SDL:[MD5.B702BE0AA72EA2E1D644BAEF9123A4CE] - 27.05.2007 - 15:21:18 ---A- . 
(.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 158.28.) -- C:\WINDOWS\system32\drivers\nv4_mini.sys O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05.08.2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys O58 - SDL:[MD5.0A63FB54039EB5662433CABA3B26DBA7] - 17.08.2001 - 22:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1080.sys O58 - SDL:[MD5.156ED0EF20C15114CA097A34A30D8A01] - 17.08.2001 - 22:52:20 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql12160.sys O58 - SDL:[MD5.907F0AEEA6BC451011611E732BD31FCF] - 17.08.2001 - 22:52:18 ---A- . (.QLogic Corporation - Miniport Driver for QLogic ISP PCI Adapters.) -- C:\WINDOWS\system32\drivers\ql1280.sys O58 - SDL:[MD5.E205C313417DA6FA7AFE85912A310A65] - 16.02.2007 - 01:56:49 ---A- . (.Elaborate Bytes AG - Elby Delay Lower Filter Driver.) -- C:\WINDOWS\system32\drivers\RegKill.sys O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 05.08.2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 05.08.2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys O58 - SDL:[MD5.BF4709C002D632170DC15A282813D6B3] - 02.08.2005 - 22:00:36 ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\WINDOWS\system32\drivers\rt73.sys O58 - SDL:[MD5.17BBBABB21F86B650B2626045A9D016C] - 16.07.2007 - 20:48:54 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13.11.2007 - 11:25:54 ---A- . 
(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys O58 - SDL:[MD5.4B926F60CCCE0C410591C66446675496] - 21.12.2006 - 06:30:02 ---A- . (.SafeNet, Inc. - Sentinel System Driver (NT Parallel driver).) -- C:\WINDOWS\system32\drivers\sentinel.sys O58 - SDL:[MD5.732D859B286DA692119F286B21A2A114] - 04.08.2004 - 00:07:44 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\drivers\SISAGP.SYS O58 - SDL:[MD5.5BCEB1B306878035DACBA6DD18366EDA] - 13.03.2010 - 14:12:09 ---A- . (.Acronis - Acronis Snapshot API.) -- C:\WINDOWS\system32\drivers\snapman.sys O58 - SDL:[MD5.1475A9533649935A048EA5E27F8C3B37] - 21.12.2006 - 06:30:02 ---A- . (.SafeNet, Inc. - Sentinel USB Security Device Driver.) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS O58 - SDL:[MD5.83C0F71F86D3BDAF915685F3D568B20E] - 18.08.2001 - 23:07:44 ---A- . (.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) -- C:\WINDOWS\system32\drivers\sparrow.sys O58 - SDL:[MD5.1FF3217614018630D0A6758630FC698C] - 18.08.2001 - 23:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc810.sys O58 - SDL:[MD5.070E001D95CF725186EF8B20335F933C] - 18.08.2001 - 23:07:36 ---A- . (.LSI Logic - Symbios 8XX SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\symc8xx.sys O58 - SDL:[MD5.444AA6193BEDE64143047392EA50EF74] - 10.01.2008 - 03:30:22 ---A- . (.StorageCraft - StorageCraft Volume Snap-Shot.) -- C:\WINDOWS\system32\drivers\symsnap.sys O58 - SDL:[MD5.80AC1C4ABBE2DF3B738BF15517A51F2C] - 18.08.2001 - 23:07:40 ---A- . (.LSI Logic - Symbios Hi-Perf SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_hi.sys O58 - SDL:[MD5.BF4FAB949A382A8E105F46EBB4937058] - 18.08.2001 - 23:07:42 ---A- . (.LSI Logic - Symbios Ultra3 SCSI Miniport Driver.) -- C:\WINDOWS\system32\drivers\sym_u3.sys O58 - SDL:[MD5.8DE3E45000BA8C9EBB16737D3F83E216] - 13.03.2010 - 14:12:16 ---A- . 
(.Acronis - Acronis Try&Decide Volume Filter Driver.) -- C:\WINDOWS\system32\drivers\tdrpm258.sys O58 - SDL:[MD5.3E06987FEDBCDFBFF8E85EF8108565F9] - 13.03.2010 - 14:12:15 ---A- . (.Acronis - Acronis Backup Archive Explorer.) -- C:\WINDOWS\system32\drivers\timntr.sys O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 05.08.2004 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys O58 - SDL:[MD5.1B698A51CD528D8DA4FFAED66DFC51B9] - 17.08.2001 - 22:52:22 ---A- . (.Promise Technology, Inc. - Gestionnaire de miniport ULTRA66 de Promise.) -- C:\WINDOWS\system32\drivers\ultra.sys O58 - SDL:[MD5.16662738E1AB857FB91ED2D4065440B0] - 28.03.2007 - 20:29:10 ---A- . (.Symantec Corporation - V2iMount.sys - Image Mounting Device Driver.) -- C:\WINDOWS\system32\drivers\v2imount.sys O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05.08.2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys O58 - SDL:[MD5.E14B7AE35BE1E97830D42EC191D0DEA2] - 31.07.2007 - 17:22:16 ---A- . (.Symantec Corporation - VProEventMonitor.Sys - Event Monitoring driver.) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys O58 - SDL:[MD5.427A8BC96F16C40DF81C2D2F4EDD32DD] - 16.02.2007 - 11:12:36 ---A- . (.Wacom Technology - Wacom Mouse Filter Driver.) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys O58 - SDL:[MD5.73E6F16A1F187D71FB26AF308551E54A] - 16.02.2007 - 10:30:12 ---A- . (.Wacom Technology - Virtual Hid Device.) -- C:\WINDOWS\system32\drivers\wacomvhid.sys O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys O58 - SDL:[MD5.FC80052194D5708254A346568F0E77C0] - 25.09.2003 - 21:15:32 ---A- . 
(.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\GTNDIS5.sys O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05.08.2004 - 13:00:00 ---A- . 
(.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05.08.2004 - 13:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys End of the scan (342 lines in 00mn 21s)